
Secure Server Build

Enable SHA-512 hashing for all password encryption

First, edit the file /etc/pam.d/system-auth to ensure that sha512 is used by the pam_unix.so module in the password section, replacing any other algorithms (such as md5, bigcrypt, blowfish, or sha256) with sha512, as shown:

password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok

Second, edit the file /etc/login.defs to add or correct the following lines:

MD5_CRYPT_ENAB no
ENCRYPT_METHOD SHA512

Third, edit the file /etc/libuser.conf to add or correct the following line:

crypt_style = sha512
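
The following script is an added example, not part of the original page: it audits the three settings above and lists accounts whose stored hash is not SHA-512 crypt (prefix "$6$"), since these settings only affect passwords set after the change. The function names are hypothetical, and the shadow check assumes the standard colon-separated /etc/shadow format.

```shell
#!/bin/sh
# Added example (not from the original page): audit the three settings above.
# Every check takes a file path, so it works on /etc or on copies of the files.

# /etc/pam.d/system-auth: the password-stack pam_unix.so line must carry sha512
# and none of the algorithms the page says to replace.
check_pam() {
    awk '$1 == "password" && /pam_unix\.so/ {
             found = 1; ok = 0
             for (i = 2; i <= NF; i++) {
                 if ($i == "sha512") ok = 1
                 if ($i ~ /^(md5|bigcrypt|blowfish|sha256)$/) bad = 1
             }
             if (!ok) bad = 1
         }
         END { if (found && !bad) exit 0; exit 1 }' "$1"
}

# /etc/login.defs: both lines from the page must be present and uncommented.
check_login_defs() {
    grep -Eq '^[[:space:]]*ENCRYPT_METHOD[[:space:]]+SHA512[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*MD5_CRYPT_ENAB[[:space:]]+no[[:space:]]*$' "$1"
}

# /etc/libuser.conf: crypt_style = sha512
check_libuser() {
    grep -Eq '^[[:space:]]*crypt_style[[:space:]]*=[[:space:]]*sha512[[:space:]]*$' "$1"
}

# List accounts in a shadow-format file whose stored hash is not SHA-512 crypt
# ("$6$" prefix). Empty and locked-only fields (*, !, !!) are skipped.
legacy_hash_users() {
    awk -F: '{ h = $2; sub(/^!+/, "", h)
               if (h != "" && h != "*" && h !~ /^\$6\$/) print $1 }' "$1"
}

# Run all checks under a root directory (/ for the live system) and report.
audit() {
    root=${1%/}
    check_pam "$root/etc/pam.d/system-auth" && echo "pam: ok"        || echo "pam: FAIL"
    check_login_defs "$root/etc/login.defs" && echo "login.defs: ok" || echo "login.defs: FAIL"
    check_libuser "$root/etc/libuser.conf"  && echo "libuser: ok"    || echo "libuser: FAIL"
    legacy_hash_users "$root/etc/shadow" | sed 's/^/legacy hash: /'
}

# Usage: sh audit.sh /   (as root, so /etc/shadow is readable)
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Accounts reported as "legacy hash" keep their old hash until the password is next changed.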