Check: RHEL-06-000063

Red Hat Enterprise Linux 6 STIG: RHEL-06-000063 (in versions v2 r2 through v1 r14)

The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (login.defs). (Cat II impact)

Using a stronger hashing algorithm makes password cracking attacks more difficult.

Inspect "/etc/login.defs" and ensure the following line appears: ENCRYPT_METHOD SHA512 If it does not, this is a finding.

In "/etc/login.defs", add or correct the following line to ensure the system will use SHA-512 as the hashing algorithm: ENCRYPT_METHOD SHA512

Rule ID: SV-217899r603264_rule

Vulnerability ID: V-217899

Group Title: SRG-OS-000120

Expert comments are only available to logged-in users.

CCIs tied to check.

Number	Definition
CCI-000803	Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-7	Cryptographic Module Authentication