Keystone uses sha512_crypt for password hashing. This is completely insufficient and provides limited protection (even with 10,000 rounds) against brute-forcing of the password hashes (especially with FPGAs and/or GPU processing).
The correct mechanism is to use bcrypt, scrypt, or pbkdf2_sha512 instead of sha512_crypt.
This bug is marked as public security as bug #1543048 has already highlighted this issue.
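As an added illustration of the replacement this report asks for (example code, not Keystone's or passlib's own), the following stdlib-only store hashes with PBKDF2-HMAC-SHA512, verifies with a constant-time compare, and flags legacy sha512_crypt (`$6$...`) hashes or under-cost hashes via `needs_rehash()` so they can be upgraded at the next successful login. The round count and hash string layout are assumptions chosen for this example.

```python
"""Added example (not Keystone's own code): PBKDF2-HMAC-SHA512 password
storage with a migration check for legacy sha512_crypt ("$6$") hashes."""
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 210_000              # assumption: tune to your hardware's budget
SCHEME = "pbkdf2-sha512"
LEGACY_SHA512_CRYPT_PREFIX = "$6$"   # crypt(3) identifier used by sha512_crypt


def hash_password(password, rounds=PBKDF2_ROUNDS, salt=None):
    """Return a self-describing string: $pbkdf2-sha512$rounds$salt$digest."""
    salt = salt or os.urandom(16)    # 128-bit random salt per password
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return "$%s$%d$%s$%s" % (
        SCHEME, rounds,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password, stored):
    """Check a password against a pbkdf2-sha512 hash; legacy or malformed
    strings verify as False rather than raising."""
    try:
        _, scheme, rounds, salt_b64, digest_b64 = stored.split("$")
        rounds = int(rounds)
    except ValueError:
        return False
    if scheme != SCHEME:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return hmac.compare_digest(actual, expected)   # constant-time comparison


def needs_rehash(stored):
    """True for sha512_crypt hashes, unknown schemes, or rounds below the
    current cost: rehash at the user's next successful login."""
    if stored.startswith(LEGACY_SHA512_CRYPT_PREFIX):
        return True
    parts = stored.split("$")
    if len(parts) != 5 or parts[1] != SCHEME:
        return True
    try:
        return int(parts[2]) < PBKDF2_ROUNDS
    except ValueError:
        return True
```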