If you alter your password encryption and decryption scheme, any encrypted passwords stored in the Sign-on Table (SNT) must be decrypted using the old scheme and then re-encrypted with the new scheme. A utility program called dfhpcryp.exe (Windows) or dfhpcryp (UNIX) is supplied to assist in this conversion.
The procedure for moving to a new encryption scheme is described below. In this procedure, you introduce your new encryption module to the system as dfhucryp.dll (Windows) or dfhucryp.so (UNIX). You then run the dfhpcryp utility, which uses the existing module (dfhucryp) and your new one to perform the conversion. When the conversion is complete, you replace the existing module with your new one.
Before you make any changes, take a backup copy of the following:
To run dfhpcryp:
Do not replace the existing dfhucryp.dll (Windows) or dfhucryp.so (UNIX) at this stage. Your new module must only replace the existing dfhucryp.dll (Windows) or dfhucryp.so (UNIX) after you have run the dfhpcryp utility to perform the conversion.
MSS is now ready to run with the new encryption and decryption scheme.
The backups taken during this process are important in case you want to return to the old encryption and decryption scheme for any reason.