[Openstack-security] [Bug 1668503] Re: sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing
Morgan Fainberg
morgan.fainberg at gmail.com
Tue Feb 28 21:46:00 UTC 2017
As an update based upon the comments and discussion in keystone here is
the course of action:
* No backports
* Pike will be updated to support pbkdf2_sha512, bcrypt, and scrypt
(configurable) - default will be bcrypt
* For rolling upgrade purposes, keystone will still write sha512_crypt
passwords to the old column, new column will be created for the new
password hashes. This old crypt hash will be disable-able from being
written via configuration option.
* In the Q release, keystone will cease to write sha512_crypt and the
configuration option (that toggles sha512_crypt writing) will be
deprecated for removal/removed.
This means OSSA can be closed, OSSN task can be opened if OSSG would
like to issue an OSSN for this.
While sha512_crypt and sha256_crypt are used in many cases, these are in
places that are typically more secure than web-facing applications
(shadow file), where pbkdf2, bcrypt, and scrypt really shine and start
providing significantly more protection against off-line brute force
(especially since databases are more likely to be breached as they are
more often accessible from more locations than the shadow/filesystem
is).
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1668503
Title:
sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing
Status in OpenStack Identity (keystone):
In Progress
Status in OpenStack Identity (keystone) mitaka series:
New
Status in OpenStack Identity (keystone) newton series:
New
Status in OpenStack Identity (keystone) ocata series:
New
Status in OpenStack Identity (keystone) pike series:
In Progress
Status in OpenStack Security Advisory:
Incomplete
Bug description:
Keystone uses sha512_crypt for password hashing. This is insufficient
and provides limited protection (even with 10,000 rounds) against
brute-forcing of the password hashes (especially with FPGAs and/or GPU
processing).
The correct mechanism is to use bcrypt, scrypt, or pbkdf2_sha512
instead of sha512_crypt.
This bug is marked as public security as bug #1543048 has already
highlighted this issue.