SHA-2 Authentication-Password Hashing

The Oracle Communications Session Border Controller supports SHA-2 hashing of user login passwords. The OCSBC hashes passwords using a randomly generated salt with 65532 iterations of the SHA-512 algorithm.

Enabling SHA-2 Password Hashing

Passwords are changed with the secret login command. All newly set passwords are hashed with SHA-2, the SHA-1 hash is removed, and thereafter the OCSBC uses SHA-2 to validate the password for that user. Oracle recommends that all users change their passwords after upgrading the system.

WARNING:

Regarding upgrades to this software, versions of Session Deliver Manager prior to SDM 8.1 do not support managing SHA-2 enabled OCSBCs. To manage an OCSBC, you must use SDM 8.1 with basic authentication.

WARNING:

If you downgrade to a release that only supports SHA-1 hashing after a user login password has been SHA-2 hashed, users will be locked out until all passwords are cleared. To clear passwords, contact Oracle Support.