The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22303 | GEN000590 | SV-26315r1_rule | DCNR-1 IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes that are more vulnerable to compromise. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2013-06-27 |
Details
| Check Text ( C-36265r1_chk ) |
|---|
| Verify the Password Hashing Infrastructure (PHI) is installed: # swlist -a state PHI If PHI is not installed, this is a finding. Check the settings in /etc/default/security. If the CRYPT_DEFAULT setting in /etc/default/security is not present, or not set to 6, this is a finding. |
| Fix Text (F-31522r1_fix) |
|---|
| Install the Password Hashing Infrastructure (PHI) if not installed. Edit /etc/default/security and add or change the CRYPT_DEFAULT setting to 6. |