---
id: V-38576
status: implemented
tag: auth
---

The STIG requires SHA512 to be used for hashing password since it is
in the list of FIPS 140-2 approved hashing algorithms. This is also the
default in Ubuntu 14.04, Ubuntu 16.04, and CentOS 7.

The Ansible tasks will verify that the secure default is still set in
``/etc/login.defs``. If it has been altered, the playbook will fail
and display an error.

Further reading:

* `FIPS 140-2 on Wikipedia`_
* `FIPS 140-2 from NIST`_

.. _FIPS 140-2 on Wikipedia: https://en.wikipedia.org/wiki/FIPS_140-2
.. _FIPS 140-2 from NIST: http://csrc.nist.gov/groups/STM/cmvp/standards.html