The System Security Officer uses sp_encryption to set the system encryption password. The system password is specific to the database where sp_encryption is executed, and its encrypted value is stored in the sysattributes system table in that database.
sp_encryption system_encr_passwd, password
password can be as many as 64 bytes in length, and is used by Adaptive Server to encrypt all keys in the selected database. Once you have set the system encryption password, you need not specify this password to access keys or data.
Your system encryption password helps prevent access by unauthorized people. You should choose long and complex system encryption passwords. Longer passwords are harder to guess or crack by brute force. Passwords that are too short or easy to guess may compromise the security of encryption keys. Include upper and lower case letters, numbers, and special characters in the system encryption password. Sybase recommends that the length of system encryption password be between 16 and 64 bytes. In addition, follow the guidelines below when creating your password:
Do not use information such as your birthday, street address, or any other word or number that has anything to do with your personal life.
Do not use names of pets or loved ones.
Do not use words that appear in the dictionary or words spelled backwards.
You must set the system encryption password in every database where encryption keys are created. If all keys are stored in one designated database, then only that database requires a system encryption password. You may create encrypted columns in the same database as the keys or in other databases.
The System Security Officer can change the system password by using sp_encryption and supplying the old password:
sp_encryption system_encr_passwd, password [ , old_password]
When the system password is changed, Adaptive Server automatically re-encrypts all keys in the database with the new password.
You can unset the system encryption password by supplying “null” as the argument for password and supplying the value for old_password. You can remove the system password only if you have dropped all the encryption keys in that database.
