When you create user accounts within EFT Server, the ODBC database is populated with the username and a SHA-1 256 hash of the account password. The registry entry described below will cause ODBC to use MD5 instead. The alternative is to use COM to create the users (reading in the list from a batch file or csv) and then let EFT Server add the users and encrypt the password using SHA1-256 or MD5 (depending on what is set).
If you are using an ODBC data source for authentication on your Server, and users receive an error saying they are not logged in, make sure the "anonymous" row in the "ftpserver_users" table is set to "0" or "1". It cannot be set to "Null".
This key is useful in the following instances:
If you have a policy where MD5 is preferred over SHA256 (unlikely)
If passwords are being generated externally and hash values are stored in database in MD5 format
When a user logs in to a Site that is using ODBC authentication, if this registry setting is turned on, EFT Server compares the MD5 hash of the password to the value stored in the database. If this reg value is not enabled, then EFT Server compares the SHA256 value instead.
With this key, MD5 is either turned off (default setting) or turned on. When the key is enabled, EFT Server handles everything in MD5, both for authenticating against the MD5 hash and writing out the new MD5 hash into the password field when users change their passwords.
[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 3.0]
"UseMD5PasswordHash"=dword:00000001
If this value is absent or is zero, the old (SHA256) digest algorithm is used; otherwise, MD5. The digest is stored in the database in Base64-encoded form.