Join the Reckless Community* indicates requiredEmail Address *First Name *Last Name *
Back to Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Severity: Medium
<VulnDiscussion>Using a stronger hashing algorithm makes password cracking attacks more difficult.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Inspect "/etc/login.defs" and ensure the following line appears: ENCRYPT_METHOD SHA512 If it does not, this is a finding.
In "/etc/login.defs", add or correct the following line to ensure the system will use SHA-512 as the hashing algorithm: ENCRYPT_METHOD SHA512