Comment 18 for bug 1175906

OK... My proposal is to consider this a potential performance issue (rather than a vulnerability) and have the Keystone devs openly fix it in Havana, by implementing a password max length parameter.

Depending on the implementation, it could follow Jeremy's suggestion (comment 16, store maxlength per-password for eventually consistent transition), or a default of 4096 with documentation on how to reduce it. The first option is a bit convoluted, but the only way to mitigate the issue with new users without breaking old ones.

Does that work for everyone ?