OpenStack Identity (keystone)

  1. Bug #1688137
  2. Comment #14

Comment 14 for bug 1688137

Revision history for this message
Jeremy Stanley (fungi) wrote : Re: Attacker may use PCI-DSS 8.1.6 and 8.1.7 to lock out users indefinitely

Some interesting alternatives were floated in a NIST SP 800-63-3 update thread on the crypto ML this week: http://www.metzdowd.com/pipermail/cryptography/2017-August/032640.html (worth a read for anyone with their heads in this space currently).