ansible-hardening/doc/source/developer-notes/V-38574.rst

The STIG requires SHA512 to be used for hashing password since it is
in the list of FIPS 140-2 approved hashing algorithms. This is also the
default in Ubuntu 14.04.

The Ansible tasks will verify that the secure default is still set in the
system's PAM configuration. If it has been altered, the playbook will fail
and display an error.

Further reading:

* `FIPS 140-2 on Wikipedia`_
* `FIPS 140-2 from NIST`_

.. _FIPS 140-2 on Wikipedia: https://en.wikipedia.org/wiki/FIPS_140-2
.. _FIPS 140-2 from NIST: http://csrc.nist.gov/groups/STM/cmvp/standards.html
V-3857{4,6,7}: Password hashing algorithms Change-Id: If7437d65b1a9a1025f2d71d4a7cd3896e6e99746 2015-10-29 10:18:11 -05:00			`The STIG requires SHA512 to be used for hashing password since it is`
			`in the list of FIPS 140-2 approved hashing algorithms. This is also the`
			`default in Ubuntu 14.04.`

			`The Ansible tasks will verify that the secure default is still set in the`
			`system's PAM configuration. If it has been altered, the playbook will fail`
			`and display an error.`

			`Further reading:`

			* `FIPS 140-2 on Wikipedia`_
			* `FIPS 140-2 from NIST`_

			`.. _FIPS 140-2 on Wikipedia: https://en.wikipedia.org/wiki/FIPS_140-2`
			`.. _FIPS 140-2 from NIST: http://csrc.nist.gov/groups/STM/cmvp/standards.html`