Increase the maximum length of a reserve password hash for the RSA Authentication Agent 7.x for Windows
RSA Product Set: SecurID RSA Product/Service Type: Authentication Agent for WIndows RSA Agent Version/Condition: 7.x
By default, the ReservePasswordHashGenerator creates an 80-character hash code, while the default Reserve Password domain policy takes a maximum of 79 characters. This article provides information on modifying the MAXLEN value of the reserve password hash so that it is allows for an additional character.
Because of this discrepancy when the ADM\RSA Desktop\Local Authentication Settings\Reserve Password policy is enabled and the hash is set, the data pasted from the ReservePasswordHashGenerator to the Reserve Password text box does not fit, resulting in a non-functional reserve password.
In the agent’s ADM templates, strings are allocated and stored in the registry as MAXLEN-1 because one character was needed to account for the trailing null that is needed when a string is written to the registry as a REG_SZ or REG_EXPAND_SZ.
Microsoft Technet has an article entitled "Classic ADM file in Windows 2008: MAXLEN error," which says that the string in the text box is limited to this defined length, so the trailing null should be in addition to the value of MAXLEN and not built into it.
Editing the attached RSA_Authentication_Agent.adm file will correct the MAXLEN value to accommodate the trailing null.