When you upgrade the master database, Adaptive Server maintains encrypted passwords in syslogins catalogs using algorithms from the earlier- and the upgaded version of Adaptive Server in the password column.
Users can call sp_displaylogin to determine which “Login password encryption” a login uses.
On first authentication of a login after an upgrade:
The user authenticates using the contents of the password column and the old algorithm.
Adaptive Server updates the password column with the old encryption algorithm followed by the new encryption algorithm.
On subsequent authentication of a login after upgrade, before “allow password downgrade” is set to 0, the user authenticates using the new algorithm.