[Openstack-security] [Bug 1668503] Re: sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing
Jeremy Stanley
fungi at yuggoth.org
Mon Sep 18 19:28:18 UTC 2017
It's worth noting that on review of the original source,
keystone.common.password_hashing.hash_password() was not using a bare
SHA-512 hash like hashlib.sha512() but instead already performed key
derivation via passlib.hash.sha512_crypt.hash(), a wrapper for the
vaguely-named SHA-512 method for glibc's crypt() function. Per the ML
thread starting at http://www.openwall.com/lists/oss-security/2017/09/17/2
the change itself is at least for the better, but
the risk from the previous implementation is not nearly as severe as
this bug and the subsequent OSSN would seem to suggest.
Apologies if my poorly-researched comment in bug 1543048 led to a fire
drill; I'll propose an errata revision to OSSN-0081 this week.
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1668503
Title:
sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing
Status in OpenStack Identity (keystone):
Fix Released
Status in OpenStack Identity (keystone) mitaka series:
Won't Fix
Status in OpenStack Identity (keystone) newton series:
Won't Fix
Status in OpenStack Identity (keystone) ocata series:
Won't Fix
Status in OpenStack Identity (keystone) pike series:
Fix Released
Status in OpenStack Security Advisory:
Won't Fix
Status in OpenStack Security Notes:
Fix Released
Bug description:
Keystone uses sha512_crypt for password hashing. This is insufficient
and provides limited protection (even with 10,000 rounds) against
brute-forcing of the password hashes (especially with FPGAs and/or GPU
processing).
The correct mechanism is to use bcrypt, scrypt, or pbkdf2_sha512
instead of sha512_crypt.
This bug is marked as public security as bug #1543048 has already
highlighted this issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1668503/+subscriptions
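The distinction the comment draws, a bare hashlib.sha512() digest versus an iterated, salted sha512_crypt string versus the pbkdf2_sha512 scheme the bug asks for, is shown below in an added example that is not keystone's or passlib's code. It assumes glibc's "$6$rounds=N$salt$checksum" layout for sha512_crypt, uses only the standard library for PBKDF2-HMAC-SHA512, and writes its own "$pbkdf2-sha512$rounds$salt$checksum" string that copies passlib's field layout without being byte-compatible with it; all sample hashes are constructed.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed samples for the three schemes discussed in the bug thread.
BARE_SHA512 = hashlib.sha512(b"hunter2").hexdigest()           # unsalted, single pass
SHA512_CRYPT = "$6$rounds=10000$abcdefghijklmnop$" + "x" * 86   # glibc layout; checksum is a placeholder
SHA512_CRYPT_DEFAULT = "$6$abcdefghijklmnop$" + "x" * 86         # no rounds= field -> glibc default

def classify_hash(stored: str) -> dict:
    """Report scheme, work factor and salting of a stored password hash string."""
    if stored.startswith("$6$"):
        fields = stored[3:].split("$")
        rounds = 5000                                  # glibc default when rounds= is absent
        if fields[0].startswith("rounds="):
            rounds = int(fields[0][len("rounds="):])
        return {"scheme": "sha512_crypt", "rounds": rounds, "salted": True}
    if stored.startswith("$pbkdf2-sha512$"):
        return {"scheme": "pbkdf2_sha512", "rounds": int(stored.split("$")[2]), "salted": True}
    if len(stored) == 128 and all(c in "0123456789abcdef" for c in stored):
        return {"scheme": "bare_sha512", "rounds": 1, "salted": False}
    return {"scheme": "unknown", "rounds": None, "salted": None}

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4))

def pbkdf2_sha512_hash(password: str, rounds: int = 25000, salt: Optional[bytes] = None) -> str:
    """Derive a PBKDF2-HMAC-SHA512 hash; the string layout is assumed, not passlib's exact encoding."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return f"$pbkdf2-sha512${rounds}${_b64(salt)}${_b64(dk)}"

def pbkdf2_sha512_verify(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and rounds, then compare in constant time."""
    _, scheme, rounds, salt_b64, dk_b64 = stored.split("$")
    if scheme != "pbkdf2-sha512":
        return False
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode(), _unb64(salt_b64), int(rounds))
    return hmac.compare_digest(candidate, _unb64(dk_b64))
```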