Password migration

When you use the API to create a user, you can provide a value for the user’s password attribute.

This capability supports plain text passwords that are encrypted when they are set, random password generation by the service, and predefined password hashes. IBM® Security Verify supports the following one-way hash algorithms:
Crypt
Passwords are hashed by the UNIX crypt algorithm before they are stored in the directory. Passwords with this hashing algorithm that are imported through the API must have the prefix {Crypt}.
MD5
Passwords are hashed by the MD5 Message Digest algorithm before they are stored in the directory. Passwords with this hashing algorithm that are imported through the API must have the prefix {MD5}.
SHA-1
Passwords are hashed by the SHA-1 algorithm before they are stored in the directory. Passwords with this hashing algorithm that are imported through the API must have the prefix {SHA1}.
Salted SHA-1
Passwords are hashed by the Salted SHA-1 algorithm before they are stored in the directory. Passwords with this hashing algorithm that are imported through the API must have the prefix {SSHA1}.
SHA-2
Passwords are hashed by an algorithm from the SHA-2 family before they are stored in the directory. The following schemes from the SHA-2 family are supported:
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
Passwords with this hashing algorithm that are imported through the API must have the prefix {SHA###}, where ### is the number from the scheme name (224, 256, 384, or 512).
Salted SHA-2
Passwords are hashed by an algorithm from the Salted SHA-2 family before they are stored in the directory. The following schemes from the Salted SHA-2 family are supported:
  • SSHA-224
  • SSHA-256
  • SSHA-384
  • SSHA-512
Passwords with this hashing algorithm that are imported through the API must have the prefix {SSHA###}, where ### is the number from the scheme name (224, 256, 384, or 512).
Note:

If you use the CSV import API and pass a hashed password, make sure to escape any “+” signs by replacing them with “%2B”.
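
The following is an added example, not IBM code: it turns a legacy hash record stored as hex into a prefixed import value and applies the “%2B” escaping for the CSV import API. It assumes the LDAP-style encoding of base64(digest followed by salt), which this page does not state; the function names `to_import_value` and `csv_escape` and the sample values are constructed for illustration.

```python
import base64

# Digest length in bytes for each import prefix listed on the page.
# {Crypt} is left out: crypt strings are not raw digests.
DIGEST_LEN = {"MD5": 16, "SHA1": 20, "SHA224": 28, "SHA256": 32,
              "SHA384": 48, "SHA512": 64}
# Salted variants share the digest length: SSHA1, SSHA224, ...
DIGEST_LEN.update({"S" + name: size for name, size in list(DIGEST_LEN.items())
                   if name.startswith("SHA")})


def to_import_value(scheme, digest_hex, salt_hex=""):
    """Build '{PREFIX}<base64>' from a legacy hash stored as hex strings."""
    scheme = scheme.upper()
    if scheme not in DIGEST_LEN:
        raise ValueError(f"unsupported scheme: {scheme}")
    digest = bytes.fromhex(digest_hex)  # ValueError on malformed hex
    salt = bytes.fromhex(salt_hex)
    if len(digest) != DIGEST_LEN[scheme]:
        raise ValueError(f"{scheme} digest must be {DIGEST_LEN[scheme]} bytes")
    # A salted prefix without a salt (or the reverse) would import a
    # credential that can never verify, so reject the record here.
    if scheme.startswith("SSHA") != bool(salt):
        raise ValueError("salt is required for SSHA* and forbidden otherwise")
    # Assumption: LDAP-style layout, base64(digest || salt).
    encoded = base64.b64encode(digest + salt).decode("ascii")
    return "{" + scheme + "}" + encoded


def csv_escape(value):
    """Escape '+' as the page requires for the CSV import API."""
    return value.replace("+", "%2B")


if __name__ == "__main__":
    # Constructed sample records (scheme, digest hex, salt hex); not real hashes.
    legacy = [
        ("md5", "fb" * 16, ""),
        ("ssha256", "3e" * 32, "a1b2c3d4"),
    ]
    for scheme, digest_hex, salt_hex in legacy:
        value = to_import_value(scheme, digest_hex, salt_hex)
        print(value, "->", csv_escape(value))
```

Validating the digest length before import catches records whose scheme label does not match the stored hash, which would otherwise surface only as failed logins after migration.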