Yes; PA-DSS v3 requires that a strong, one-way cryptographic algorithm with a unique input variable be used to render all payment application passwords unreadable during storage. This meets the intent of PCI DSS Requirement 8.2.1, which is that passwords be rendered unreadable using strong cryptography. PCI DSS does not require that all passwords be hashed; they could, for example, be encrypted with an appropriate algorithm and strong cryptographic key. While PCI DSS provides flexibly for different methods to be used to protect passwords, PA-DSS v3 specifically requires the use of a strong hash with unique input variable.
Article Number 1289