default-encrypt-method-sha512

Sets the default password hashing algorithm to SHA-512 (encrypt_method in the /etc/login.defs file).
Repository Report issue

Maintainer

Nick Anderson

Module stats

Total Downloads: 523
Updated: Dec 3, 2021

Installation version

Version
0.0.1
0.0.1
1.0.0
1.0.1
1.0.2
1.0.3
Released on Dec 2, 2021

Tags

Installation

                    
cfbs add default-encrypt-method-sha512@0.0.1
Description
Dependencies
Discussion

default-encrypt-method-sha512

This module makes sure the default password hashing algorithm is SHA512. Yes, it's a bit of a mis-nomer, but that stems from the historical details, namely the key ENCRYPT_METHOD in /etc/login.defs.

  • Ensure Password Hashing Algorithm in /etc/libuser.conf (SHA512)

    • crypt_style = sha512

  • Ensure Password Hashing Algorithm in /etc/login.defs (SHA512)

    • ENCRYPT_METHOD SHA512

Note: This policy only ensures the default algorithm is set, it does nothing with respect to users who have passwords hashed using a different algorithm.

Related modules:

Dependencies

This module has no dependencies

Find related thread in GitHub discussions or Start a new discussion