Replacing the Password Encryption and Decryption Scheme

If you alter your password encryption and decryption scheme, any encrypted passwords stored in the Sign-on Table (SNT) must be decrypted using the old scheme and then re-encrypted with the new scheme. A utility program called dfhpcryp.exe is supplied to assist in this conversion.

The procedure for moving to a new encryption scheme is described below. In this procedure, you introduce your new encryption module to the system as dfhucryp.dll . You then run the dfhpcryp utility, which uses the existing module (dfhucryp) and your new one to perform the conversion. When the conversion is complete, you replace the existing module with your new one.

Before you make any changes, take a backup copy of the following:

• The Resource Definition File (dfhdrdat and dfhdrdat.idx). This holds the SNT entries.
• The current encryption module (dfhucryp).

To run dfhpcryp:

1. Compile the new encryption module to .dll .
   Note:

   Do not replace the existing dfhucryp.dll at this stage. Your new module must only replace the existing dfhucryp.dll after you have run the dfhpcryp utility to perform the conversion.

2. Rename your new encryption module to dfhucryu.dll and copy it into the same directory as the existing dfhucryp.
3. Ensure that no part of MSS is active.
4. Run the dfhpcryp.exe utility.
5. When dfhpcryp completes, remove dfhucryp and rename dfhucryu to dfhucryp.
6. Back up the modified Resource Definition File.

MSS is now ready to run with the new encryption and decryption scheme.

The backups taken during this process are important in case you want to return to the old encryption and decryption scheme for any reason.