The format and content requirements of passwords depends on the account system where a user's identity is defined. When you add the password to the _User table accounts, the password is encoded with the GENERATE-PASSWORD-HASH function. This function uses a National Institute of Standards and Technology (NIST)-approved algorithm to encode passwords before storing them in the _User table. Because OpenEdge internal passwords are case-sensitive, GENERATE-PASSWORD-HASH returns different values for uppercase and lowercase input.

For more information about GENERATE-PASSWORD-HASH, see GENERATE-PASSWORD-HASH function.

Note:
  • During migration, the database may contain a mix of passwords stored using both the legacy ENCODE method and the new FIPS-compliant GENERATE-PASSWORD-HASH function. The ABL Virtual Machine (AVM) supports both formats when FIPS mode is disabled. However, once FIPS mode is enabled, only passwords encoded with GENERATE-PASSWORD-HASH are accepted.
  • If FIPS mode is enabled, users created in OpenEdge Release 12.8 or earlier are unable to log in to the database. When FIPS mode is disabled, users can update their own passwords, or a system administrator can reset passwords for other users using the Data Administration tool. The new password encoded with GENERATE-PASSWORD-HASH is FIPS-compliant, enabling secure database access through the Data Administration tool.
For more information, see: