Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-26071

Change Linux password hashing default from sha256 to sha512

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Release Notes
    • 0
    • Hide
      .Root passwords are hashed by using SHA512

      Satellite now uses the SHA512 algorithm to hash the root passwords of operating systems by default.
      The new default is only applied to new operating system entries.
      If you want to use the SHA512 algorithm in your existing operating systems, you have to change the algorithm manually and reprovision your hosts.
      Show
      .Root passwords are hashed by using SHA512 Satellite now uses the SHA512 algorithm to hash the root passwords of operating systems by default. The new default is only applied to new operating system entries. If you want to use the SHA512 algorithm in your existing operating systems, you have to change the algorithm manually and reprovision your hosts.
    • Enhancement
    • Done
    • Rocket

      https://wiki.archlinux.org/title/SHA_password_hashes states that NSA has recommended SHA512 since RHEL 5. This means it's safe to do with wide compatibility. It should be noted that Fedora 35 has started to default to YESCRYPT. See ENCRYPT_METHOD in /etc/login.defs and https://www.fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow for more info.

              rhn-engineering-mhulan Marek Hulan
              rhn-engineering-mhulan Marek Hulan
              Ewoud Kohl van Wijngaarden
              Gaurav Talreja Gaurav Talreja
              Lena Ansorgová Lena Ansorgová
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: