Securing role passwords

In versions of Adaptive Server earlier than 15.7, role passwords were stored using Sybase-proprietary encryption in the syssrvroles system table. As of Adaptive Server version 15.7, role passwords are stored securely on-disk as SHA-256 digests.

When you upgrade Adaptive Server to version 15.7 or later, and activate a role password for the first time after the upgrade, Adaptive Server encrypts the role password and stores it as an SHA-256 digest.

You cannot downgrade a role password that has been encrypted in SHA-256; instead, upon downgrade, Adaptive Server truncates the role password and locks the role. The administrator must then reset the password and unlock the role after the downgrade.

Note: In a high availability environment, role passwords that are upgraded on first use on a primary server are also upgraded on its companion server.