If you try to configure the kbaInfo answers to be hashed with the bcrypt algorithm, when users self-register, their kba answers are hashed using SHA-256. It looks like Self Service may hard-code KBA answers to use SHA-256 in org.forgerock.selfservice.core.util.Answers#hashAnswer
Steps to reproduce in 6.5.x or 7.0:
1. In the Admin UI, enable User Registration and Security Questions.
2. In managed.json, change kbaInfo answers to use bcrypt hashing:
3. Have a user self-register.
4. The new managed/user object will show the kbaInfo answers hashed with SHA-256, for example: