New password encryption algorithm

Replication Server 15.0 uses the FIPS-certified Advanced Encryption Standard (AES) algorithm to encrypt new Replication Server user passwords. The AES alogrithm uses the 128-bit encryption key and can be obtained from the Certicom Security Builder library.

Migrating existing encrypted passwords

Use the information in Table 8-3 to migrate existing encrypted passwords in the Replication Server configuration file, and the rs_users and rs_maintusers tables.

**Table 8-3: Commands to encrypt passwords in new algorithm**
To	Command
Migrate existing user passwords to the new alogrithm	alter user user set password password where: user is the login name of the existing user. password is the existing password you want to encrypt using the new alogorithm.
Migrate existing database maintenance user passwords to the new algorithm	alter connection to data_server.database set password to password where password is the existing password you want to encrypt using the new alogorithm.
Migrate existing route user passwords to the new algorithm	alter route to dest_replication_server set password to passwd where: dest_replication_server is the name of the kdestination Replication Server. passwd is the existing password you want to encrypt using the new alogorithm.
Migrate existing user passwords in the configuration file to the new algorithm	Use rs_init to encrypt the passwords using the new algorithm.

Mixed-version issues

To fully support the new password encryption algorithm, both the Replication Server and the rs_init utility must have a site version of 15.0. If the site version is lower than 15.0, an error message displays and encryption is disabled.