Date | Who | What changed | Old value | New value | Message |
2017-02-28 05:23:47 | Morgan Fainberg | bug | | | added bug |
2017-02-28 05:24:07 | Morgan Fainberg | bug task added | | ossa | |
2017-02-28 05:24:14 | Morgan Fainberg | ossa: status | New | Incomplete | |
2017-02-28 05:46:36 | OpenStack Infra | keystone: status | Triaged | In Progress | |
2017-02-28 05:46:45 | Morgan Fainberg | keystone: importance | Critical | High | |
2017-02-28 05:47:54 | Morgan Fainberg | nominated for series | | keystone/mitaka | |
2017-02-28 05:47:54 | Morgan Fainberg | bug task added | | keystone/mitaka | |
2017-02-28 05:47:54 | Morgan Fainberg | nominated for series | | keystone/pike | |
2017-02-28 05:47:54 | Morgan Fainberg | bug task added | | keystone/pike | |
2017-02-28 05:47:54 | Morgan Fainberg | nominated for series | | keystone/newton | |
2017-02-28 05:47:54 | Morgan Fainberg | bug task added | | keystone/newton | |
2017-02-28 05:47:54 | Morgan Fainberg | nominated for series | | keystone/ocata | |
2017-02-28 05:47:54 | Morgan Fainberg | bug task added | | keystone/ocata | |
2017-02-28 05:48:25 | Morgan Fainberg | description | Keystone uses sha512_crypt for password hashing. This is completely insufficient and provides limited protection (even with 10,000 rounds) against brute-forcing of the password hashes (especially with FPGAs and/or GPU processing). The correct mechanism is to use bcrypt, scrypt, or pdkfd_sha512 instead of sha512_crypt. This bug is marked as public security as bug #1543048 has already highlighted this issue. | Keystone uses sha512_crypt for password hashing. This is insufficient and provides limited protection (even with 10,000 rounds) against brute-forcing of the password hashes (especially with FPGAs and/or GPU processing). The correct mechanism is to use bcrypt, scrypt, or pdkfd_sha512 instead of sha512_crypt. This bug is marked as public security as bug #1543048 has already highlighted this issue. | |
2017-02-28 14:02:03 | Jeremy Stanley | summary | sha512_crypt is insufficient, use pdkfd_sha512 for password hashing | sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing | |
2017-02-28 14:02:57 | Jeremy Stanley | description | Keystone uses sha512_crypt for password hashing. This is insufficient and provides limited protection (even with 10,000 rounds) against brute-forcing of the password hashes (especially with FPGAs and/or GPU processing). The correct mechanism is to use bcrypt, scrypt, or pdkfd_sha512 instead of sha512_crypt. This bug is marked as public security as bug #1543048 has already highlighted this issue. | Keystone uses sha512_crypt for password hashing. This is insufficient and provides limited protection (even with 10,000 rounds) against brute-forcing of the password hashes (especially with FPGAs and/or GPU processing). The correct mechanism is to use bcrypt, scrypt, or pbkdf2_sha512 instead of sha512_crypt. This bug is marked as public security as bug #1543048 has already highlighted this issue. | |
2017-02-28 23:03:09 | Morgan Fainberg | keystone/ocata: status | New | Won't Fix | |
2017-02-28 23:03:16 | Morgan Fainberg | keystone/mitaka: status | New | Won't Fix | |
2017-02-28 23:03:22 | Morgan Fainberg | keystone/newton: status | New | Won't Fix | |
2017-05-19 00:38:38 | OpenStack Infra | keystone: assignee | Morgan Fainberg (mdrnstm) | Gage Hugo (gagehugo) | |
2017-05-19 14:25:21 | Lance Bragstad | keystone/pike: assignee | Gage Hugo (gagehugo) | | |
2017-05-19 14:25:33 | Lance Bragstad | keystone/pike: assignee | | Morgan Fainberg (mdrnstm) | |
2017-06-02 12:20:45 | OpenStack Infra | keystone: status | In Progress | Fix Released | |
2017-06-09 19:43:47 | Lance Bragstad | keystone/pike: milestone | | pike-2 | |
2017-08-15 04:02:50 | Tristan Cacqueray | bug task added | | ossn | |
2017-08-15 04:03:00 | Tristan Cacqueray | ossa: status | Incomplete | Won't Fix | |
2017-08-15 06:57:58 | Luke Hinds | ossn: assignee | | Luke Hinds (lhinds) | |
2017-08-30 14:25:20 | Luke Hinds | ossn: status | New | In Progress | |
2017-08-30 14:25:29 | Luke Hinds | ossn: importance | Undecided | High | |
2017-08-30 14:51:14 | Luke Hinds | ossn: status | In Progress | Fix Committed | |
2017-09-17 11:28:26 | Luke Hinds | ossn: status | Fix Committed | Fix Released | |