From Fedora Project Wiki
(corrected typo)
(42 intermediate revisions by 10 users not shown)
Line 1: Line 1:
{{header|docs}}
{{header|docs}}{{Docs_beat_open}}
{{Docs_beat_open}}


== Password Quality Checking ==
<title>Crypto Policy</title>


Fedora now has a single configurable library, ''[https://fedorahosted.org/libpwquality libpwquality]'', for checking the quality of new passwords used for system accounts. The system wide password quality checks provided by this library are configured by modifying the <code>/etc/security/pwquality.conf</code> configuration file.
<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>


Developers wishing to call this API from their applications will find the API description provided in the <code>pwquality.h</code> file of the ''libpwquality-devel'' package. A python wrapper, ''python-pwquality'', is also provided.
<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>


<!-- http://fedoraproject.org/wiki/Features/PasswordQualityChecking -->
<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>
 
== Accepted ==
 
https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
 
http://fedoraproject.org/wiki/Features/ServicesPrivateTmp
 
Pending:
 
http://fedoraproject.org/wiki/Features/Securecontainers




Revision as of 07:03, 4 June 2014

DocsProject Header docTeam1.png
Note.png
Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer


<title>Crypto Policy</title>

<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>

<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>

<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>

Retrieved from "https://fedoraproject.org/w/index.php?title=Documentation_Security_Beat&oldid=379227"