SOL-11.1-040130 - Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.

Information

Cryptographic hashes provide quick password authentication while not actually storing the password.

Solution

The root role is required.

Configure the system to disallow the use of UNIX encryption and enable SHA256 as the default encryption hash.

# pfedit /etc/security/policy.conf

Check that the following lines exist and are not commented out:
CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_ALLOW=5,6

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_11_SPARC_V3R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d), CAT|II, CCI|CCI-004062, Rule-ID|SV-216333r986406_rule, STIG-ID|SOL-11.1-040130, STIG-Legacy|SV-61115, STIG-Legacy|V-48243, Vuln-ID|V-216333

Plugin: Unix

Control ID: 196a01d24dac39cf927937b08a9c612b33200a39554b634e1abe8bf48174d467