Ensure password hashing algorithm is up to date with the latest standardsID: oval:org.secpod.oval:def:92198 | Date: (C)2023-08-23 (M)2023-12-20 |
Class: COMPLIANCE | Family: unix |
The commands below change password encryption to yescrypt (a much stronger hashing algorithm). All existing accounts will need to perform a password change to upgrade the stored hashes to the new algorithm.
Rationale:
The yescrypt algorithm provides much stronger hashing than previous available algorithms, thus providing additional protection to the system by increasing the level of effort for an attacker to successfully determine passwords.