HP-UX Password Hashing Infrastructure B.11.23.
© Copyright 2001–2008 Hewlett-Packard Development Company L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
1 HP-UX Password Hashing Infrastructure B.11.23.01

The information in this document is for HP-UX Password Hashing Infrastructure (PHI) version B.11.23.01 only.

1.1 HP-UX PHI Overview

HP-UX PHI enhances the security of HP-UX 11i version 2. HP-UX PHI provides a new SHA512-based algorithm for user password hashes as an alternative to the traditional, DES-based password hash algorithm. Traditionally, authentication of users in HP-UX was done using the crypt function.
backward compatible with crypt and provide the option to use an alternative password hash algorithm, as configured by the attributes CRYPT_DEFAULT and CRYPT_ALGORITHMS_DEPRECATE described in security(4). Table 1-1 lists and briefly describes the HP-UX PHI crypt functions:

Table 1-1 HP-UX PHI Functions

Function: crypt2_passwd_match(key, oldhash, username)
Description: Derives both the password hash algorithm and salt from oldhash. It then applies the algorithm to the salt and to the string key.
The default hash algorithm is method 6, a newer hash algorithm based on SHA-512. If the attribute CRYPT_DEFAULT is not defined in /etc/default/security, the default value is __unix__. The CRYPT_DEFAULT and CRYPT_ALGORITHMS_DEPRECATE attributes can be used as follows:

• CRYPT_DEFAULT=__unix__
  The default hash algorithm is the traditional DES-based algorithm.
• CRYPT_DEFAULT=6
  Sets the default password hash algorithm to an SHA512-based algorithm. For each new user, the password hash will be SHA512-based.
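The following audit helper is an added example, not part of the HP document or of HP's code. It reports the effective CRYPT_DEFAULT and lists the accounts whose stored hash is still DES-based after SHA512 hashing has been enabled. The function names, the "$6$" prefix for method 6 hashes, the 13-character DES hash format and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not HP code): report the effective CRYPT_DEFAULT and
# the accounts whose stored hash is still DES-based.

# Print the value of CRYPT_DEFAULT in a security(4)-style file.
# Per the text above, an undefined attribute means __unix__.
# Assumptions: NAME=value form as shown above; the last definition wins.
effective_crypt_default() {
    value=
    if [ -r "$1" ]; then
        value=$(sed -n 's/^CRYPT_DEFAULT=\([^[:space:]#]*\).*$/\1/p' "$1" |
            tail -n 1)
    fi
    echo "${value:-__unix__}"
}

# Classify one password field.
# Assumptions: method 6 hashes start with "$6$"; DES-based hashes are
# 13 characters from [./0-9A-Za-z]; ",xxxx" aging data may follow.
classify_hash() {
    h=${1%%,*}
    case $h in
        '$6$'?*) echo sha512 ;;
        *[!./0-9A-Za-z]*) echo other ;;
        ?????????????) echo des ;;
        *) echo other ;;
    esac
}

# List users in a passwd-format file whose hash is still DES-based.
list_des_users() {
    while IFS=: read -r user hash rest; do
        if [ "$(classify_hash "$hash")" = des ]; then echo "$user"; fi
    done < "$1"
}

# Demo on constructed data (not taken from a real system).
demo=${TMPDIR:-/tmp}/phi_demo.$$
mkdir -p "$demo"
printf '%s\n' '# constructed sample' 'CRYPT_DEFAULT=6' > "$demo/security"
printf '%s\n' \
    'alice:$6$constructed$ConstructedHashValue:101:20::/home/alice:/sbin/sh' \
    'bob:AAconstructed,M.z8:102:20::/home/bob:/sbin/sh' \
    'svc:*:103:20::/:/sbin/sh' > "$demo/passwd"
echo "CRYPT_DEFAULT: $(effective_crypt_default "$demo/security")"
echo "DES-based: $(list_des_users "$demo/passwd")"
rm -rf "$demo"
```

On a real system, pass the path of the file that actually holds the password hashes for that configuration.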
2 Acquiring and Installing HP-UX PHI

HP-UX PHI is available free of charge from Software Depot: http://www.software.hp.com

2.1 Acquiring HP-UX PHI

To acquire HP-UX PHI, you must complete the following steps:

1. Go to Software Depot: http://www.software.hp.com.
2. Select Security and manageability. Scroll down and select HP-UX Password Hash Infrastructure. Read the information on the HP-UX PHI release page.
3. Select Receive for Free >> at the bottom of the page.
4. Enter your registration information.
5.
IMPORTANT: The HP-UX PHI functionality is not activated by default after installation. To activate it, you need to edit certain attributes in the /etc/default/security file. For more information, see the description of the CRYPT_DEFAULT and CRYPT_ALGORITHMS_DEPRECATE attributes in the security(4) manpage.

To remove (un-install) HP-UX PHI B.11.23.01 from your HP-UX 11i v2 systems, you must complete the following steps:

1.
2. Log on to your system as the root user.
3 Known Problems in HP-UX PHI B.11.23.01

HP-UX PHI B.11.23.01 contains no known problems.