There's nothing wrong with using SHA-2/512, AS LONG as you use it in a key derivation function (you really just shouldn't use the bare hashing algorithm to secure keys/passwords). I've been going with passlib's pbkdf2_sha512 scheme to great satisfaction in another (non-OpenStack) project, and recommend it highly. Something like:
There's nothing wrong with using SHA-2/512, AS LONG as you use it in a key derivation function (you really just shouldn't use the bare hashing algorithm to secure keys/passwords). I've been going with passlib's pbkdf2_sha512 scheme to great satisfaction in another (non-OpenStack) project, and recommend it highly. Something like:
passlib. context. CryptContext( all__vary_ rounds= 0.1, default= "pbkdf2_ sha512" ,
pbkdf2_ sha512_ _default_ rounds= 1000, schemes= ["pbkdf2_ sha512" ])