Ensure hashing algorithm is set to SHA-512ID: oval:org.secpod.oval:def:70680 | Date: (C)2021-04-20 (M)2023-12-20 |
Class: COMPLIANCE | Family: unix |
The commands below change password encryption from md5 to sha512 (a much stronger hashing algorithm). All existing accounts will need to perform a password change to upgrade the stored hashes to the new algorithm.
Rationale:
The SHA-512 algorithm provides much stronger hashing than MD5, thus providing additional protection to the system by increasing the level of effort for an attacker to successfully determine passwords.