Encryption for service tools user ID passwords
Password encryption using Data Encryption Standard (DES), Secure Hash Algorithm (SHA), and Password-based Key Derivation Function 2 (PBKDF2) with HMAC SHA512 (SHA-2 512 bit).
Password level 1, DES encryption
When you use DES encryption, service tools user IDs and passwords have the following characteristics:
- Use 10-digit, uppercase user IDs.
- Use 8-digit, case-sensitive passwords. When you create a user ID and password, the minimum required for the password is 1 digit. When you change a password, the minimum required is dependent upon the minimum password length.
- Passwords for user IDs do not expire after 180 days.
- Even though passwords don't expire at password level 1, they still can be created as expired.
- By default, the initial passwords for IBM-supplied service tools user IDs are set as expired.
Password level 2, SHA encryption
When you use SHA encryption, service tools user IDs and passwords have the following characteristics:
- Use 10-digit, uppercase user IDs.
- Use 128-digit case-sensitive passwords. The password must follow the password rules set in SST. This includes the minimum and maximum password length.
- By default, passwords are initially set as not expired (unless explicitly set on the display to expire).
Password level 3, Password-based Key Derivation Function 2 (PBKDF2) with HMAC SHA512 (SHA-2 512 bit) encryption
When you use PBKDF2 with HMAC SHA512 encryption, service tools user IDs and passwords have the following characteristics:
- Use 10-digit, uppercase user IDs.
- Use 128-digit case-sensitive passwords. The password must follow the password rules set in SST. This includes the minimum and maximum password length.
- By default, passwords are initially set as not expired (unless explicitly set on the display to expire).
Change to use SST password level 2 or 3
To change to use SST password level 2 or 3, perform the following steps using SST, DST, or the Change SST Security Attributes (CHGSSTSECA) command.
Using SST:
- Access SST
- Select option 8 (Work with Service Tools Server Security and devices).
- Select option 4 (Change service tools password level), enter new password level (2 or 3), and press Enter.
- Press Enter again to confirm your change. The current password level is displayed.
Using DST:
- Access DST
- Select option 5 (Work with DST environment).
- Select option 4 (Service tools security data).
- Select option 6 (Change service tools password level), enter new password level (2 or 3), and press Enter.
- Press Enter again to confirm your change. The current password level is displayed.
Using the Change
SST Security Attributes (CHGSSTSECA) command:
- Specify a value of 2 or 3 for the Service tools password level (SSTPWDLVL) parameter.
- To display the current password level use the Display SST Security Attributes (DSPSSTSECA) command.