[Openstack-security] [Bug 1668503] Re: sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing
It's worth noting that on review of the original source,
keystone.common.password_hashing.hash_password() was not using a bare
SHA-512 hash like hashlib.sha512() but instead already performed key
derivation via passlib.hash.sha512_crypt.hash(), a wrapper for the
vaguely-named SHA-512 method for glibc's crypt() function. Per the ML
thread starting at http://www.openwall.com/lists/oss-security/2017/09/17/2 the change itself is at least for the better, but
the risk from the previous implementation is not nearly as severe as
this bug and the subsequent OSSN would seem to suggest.
Apologies if my poorly-researched comment in bug 1543048 led to a fire
drill; I'll propose an errata revision to OSSN-0081 this week.
sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing
Status in OpenStack Identity (keystone):
Status in OpenStack Identity (keystone) mitaka series:
Status in OpenStack Identity (keystone) newton series:
Status in OpenStack Identity (keystone) ocata series:
Status in OpenStack Identity (keystone) pike series:
Status in OpenStack Security Advisory:
Status in OpenStack Security Notes:
Keystone uses sha512_crypt for password hashing. This is insufficient
and provides limited protection (even with 10,000 rounds) against
brute-forcing of the password hashes (especially with FPGAs and/or GPU
The correct mechanism is to use bcrypt, scrypt, or pbkdf2_sha512
instead of sha512_crypt.
This bug is marked as public security as bug #1543048 has already
highlighted this issue.
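The thread turns on the distinction between a bare SHA-512 digest, glibc-style sha512_crypt (a salted, iterated scheme whose `$6$rounds=N$...` encoding carries its work factor), and pbkdf2_sha512. The following added example, which is not keystone's, passlib's or the poster's code, shows how an operator can inventory a password column by scheme and rounds (to find rows still on sha512_crypt or a bare digest after a migration) and how to derive and verify PBKDF2-HMAC-SHA512 with only the Python standard library. The `$6$` layout is the real glibc crypt() format; the `$pbkdf2-sha512$rounds$salt$checksum` layout is the prefix passlib uses, but this code encodes salt and digest in standard base64, so its strings are assumed not to be byte-compatible with passlib. The sample rows, the 25000-round default, and the placeholder salts and checksums are constructed for the example.

```python
"""Inventory stored password hashes by scheme and cost, and derive/verify
PBKDF2-HMAC-SHA512 with the standard library only (no passlib).
Added example, not keystone's or passlib's code; layout assumptions noted inline."""
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# "$6$[rounds=N$]salt$checksum" is the glibc crypt() SHA-512 format that
# passlib.hash.sha512_crypt wraps; rounds default to 5000 when omitted.
_SHA512_CRYPT = re.compile(r"^\$6\$(?:rounds=(\d+)\$)?([^$]+)\$([^$]+)$")
# "$pbkdf2-sha512$rounds$salt$checksum" is the prefix layout passlib uses for
# pbkdf2_sha512. This example emits the same layout with standard base64
# (padding stripped), so its strings are assumed NOT byte-compatible with passlib.
_PBKDF2_SHA512 = re.compile(r"^\$pbkdf2-sha512\$(\d+)\$([^$]+)\$([^$]+)$")

PBKDF2_ROUNDS = 25000  # assumed work factor; tune to the deployment's CPU budget


def classify_hash(stored: str) -> dict:
    """Report which scheme a stored hash uses and its iteration count."""
    m = _SHA512_CRYPT.match(stored)
    if m:
        rounds = int(m.group(1)) if m.group(1) else 5000
        return {"scheme": "sha512_crypt", "rounds": rounds, "needs_upgrade": True}
    m = _PBKDF2_SHA512.match(stored)
    if m:
        return {"scheme": "pbkdf2_sha512", "rounds": int(m.group(1)),
                "needs_upgrade": False}
    if re.fullmatch(r"[0-9a-f]{128}", stored):
        # A bare hashlib.sha512().hexdigest(): no salt, no iterations.
        return {"scheme": "bare_sha512", "rounds": 1, "needs_upgrade": True}
    return {"scheme": "unknown", "rounds": None, "needs_upgrade": True}


def audit(stored_hashes) -> dict:
    """Count hashes per scheme so an operator sees what still needs rehashing."""
    counts: dict = {}
    for h in stored_hashes:
        scheme = classify_hash(h)["scheme"]
        counts[scheme] = counts.get(scheme, 0) + 1
    return counts


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str, rounds: int = PBKDF2_ROUNDS,
                  salt: Optional[bytes] = None) -> str:
    """Derive a salted PBKDF2-HMAC-SHA512 hash; pass a fixed salt only in tests."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return "$pbkdf2-sha512$%d$%s$%s" % (rounds, _b64(salt), _b64(dk))


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds, then compare in constant time."""
    m = _PBKDF2_SHA512.match(stored)
    if not m:
        return False
    rounds, salt, expected = int(m.group(1)), _unb64(m.group(2)), _unb64(m.group(3))
    actual = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)


# Constructed sample rows (salts and checksums are placeholder text, not real
# digests) standing in for what a password-column dump might contain.
SAMPLE_ROWS = [
    "$6$rounds=10000$saltsaltsaltsalt$" + "c" * 86,  # sha512_crypt, explicit rounds
    "$6$saltsalt$" + "c" * 86,                       # sha512_crypt, default rounds
    "a" * 128,                                       # bare SHA-512 hex digest
    hash_password("correct horse", salt=b"\x00" * 16),
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(classify_hash(row))
    print(audit(SAMPLE_ROWS))
```

Running the module prints one classification per sample row and the per-scheme totals; in a real migration the audit output is what tells you how many accounts remain on the older scheme until their owners next authenticate and can be rehashed.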