Comment 13 for bug 1668503

Morgan Fainberg (mdrnstm) wrote :

I also apologize if I didn't make it clear it was pbkdf still with sha512, just that sha512_crypt (even pbkdf) is not sufficient for applications (e.g. exposing your shadow file on Linux *is* still a compromise). The implication is that there is significantly more surface area for Keystone to deal with than a system shadow file, therefore we should be using bcrypt, scrypt, or at *least* pbkdf2 instead of sha512_crypt.

tl;dr I may have also missed on communicating sha512_crypt is pbkdf rather than bare sha512 hashing.
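
An added example, not part of the comment above and not Keystone's code: a sketch that classifies stored hash strings by their modular-crypt prefix and lists accounts still on sha512_crypt (or an unrecognised format), so they can be moved to one of the schemes the comment recommends. The string layouts are those written by crypt(3) and passlib; the function names and sample records are constructed for illustration.

```python
import re

# Schemes the comment treats as acceptable for an application password store.
PREFERRED = {"bcrypt", "scrypt", "pbkdf2_sha512"}
SHA512_CRYPT_DEFAULT_ROUNDS = 5000  # crypt(3) default when no rounds= field is present

B64 = r"[./0-9A-Za-z]"
PATTERNS = [
    ("sha512_crypt", re.compile(rf"^\$6\$(?:rounds=(?P<cost>\d+)\$)?{B64}{{0,16}}\${B64}{{86}}$")),
    ("bcrypt", re.compile(rf"^\$2[aby]\$(?P<cost>\d{{2}})\${B64}{{53}}$")),
    ("pbkdf2_sha512", re.compile(r"^\$pbkdf2-sha512\$(?P<cost>\d+)\$[^$]*\$[^$]+$")),
    ("scrypt", re.compile(r"^\$scrypt\$ln=(?P<cost>\d+),r=\d+,p=\d+\$[^$]*\$[^$]+$")),
]

def classify(hash_str):
    """Return (scheme, cost) for a stored hash string, or ("unknown", None)."""
    for scheme, pattern in PATTERNS:
        m = pattern.match(hash_str)
        if m:
            cost = m.group("cost")
            if cost is None:  # only sha512_crypt may omit its cost field
                return scheme, SHA512_CRYPT_DEFAULT_ROUNDS
            return scheme, int(cost)
    return "unknown", None

def audit(records):
    """List (user, scheme, cost) for every record not on a preferred scheme."""
    findings = []
    for user, hash_str in sorted(records.items()):
        scheme, cost = classify(hash_str)
        if scheme not in PREFERRED:
            findings.append((user, scheme, cost))
    return findings

# Constructed sample records; salts and digests are filler, not real hashes.
SAMPLE = {
    "alice": "$6$rounds=10000$saltsaltsaltsalt$" + "a" * 86,
    "bob": "$6$saltsalt$" + "b" * 86,
    "carol": "$2b$12$" + "c" * 53,
    "dave": "$pbkdf2-sha512$25000$ZGF2ZXNhbHQ$" + "d" * 86,
    "erin": "$scrypt$ln=16,r=8,p=1$ZXJpbnNhbHQ$" + "e" * 43,
    "frank": "0" * 32,  # bare hex digest with no scheme prefix
}

if __name__ == "__main__":
    for user, scheme, cost in audit(SAMPLE):
        print(f"{user}: {scheme} (cost={cost}) needs migration")
```
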