9.1.10.1. Authenticator ManagementΒΆ
Authenticator strength is enforced using pam_cracklib.so. The SIMP settings ensure that passwords:
Have at least four characters that are different from the previous password
Do not repeat a character more than two times in a row
Do not have the username (forward or reversed) in the password
Have at least one character from three of the four classes: upper, lower, number, special character
Have at least 14 characters
Are not the same as any of the previous 24 passwords
Passwords are hashed using the SHA512 algorithm. Each password is hashed using 1000 rounds.
References: IA-5 (1)(a), IA-5 (1)(e)