What type of encoding is used in the SPA database?
How does SPA limit access to critical password information?
Secure Password Administrator (SPA) encrypts users' challenge questions and answers. SPA also encrypts password history if you installed hotfix NETIQKB44178. SPA stores the encrypted information using 160-bit Blowfish in one of the tables in the SPA SQL Server database.
For more information about the hotfix, see the NetIQ Knowledge Base article NETIQKB44178: "Secure Password Administrator does not allow for web-based password history or password aging" at https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB44178.