It's worth noting that on review of the original source, keystone.common.password_hashing.hash_password() was not using a bare SHA-512 hash like hashlib.sha512() but instead already performed key derivation via passlib.hash.sha512_crypt.hash(), a wrapper for the vaguely-named SHA-512 method for glibc's crypt() function. Per the ML thread starting at http://www.openwall.com/lists/oss-security/2017/09/17/2 the change itself is at least for the better, but the risk from the previous implementation is not nearly as severe as this bug and the subsequent OSSN would seem to suggest.
Apologies if my poorly-researched comment in bug 1543048 led to a fire drill; I'll propose an errata revision to OSSN-0081 this week.
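To make the distinction in the comment above concrete, here is an added example (not code from keystone, passlib, or the bug thread). It classifies a stored credential as either a bare hex SHA-512 digest or a glibc-style sha512_crypt string (`$6$[rounds=N$]salt$checksum`), which is what an audit of a password store would need in order to tell the two cases apart, and it shows the property that separates them: an unsalted single-pass hash gives every user with the same password the same stored value, while a salted, iterated derivation does not. PBKDF2-HMAC-SHA512 from the standard library stands in for the salted-and-iterated construction here, since passlib is not assumed to be installed; the hash strings are constructed placeholders, not real credentials.

```python
import hashlib
import hmac
import os
import re

# Modular-crypt-format layout used by glibc's SHA-512 crypt() scheme (and by passlib's
# sha512_crypt): "$6$", an optional "rounds=N$", a salt of up to 16 chars from the
# crypt base64 alphabet, then an 86-char checksum in the same alphabet.
SHA512_CRYPT_RE = re.compile(
    r"^\$6\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<checksum>[./0-9A-Za-z]{86})$"
)
# A bare hashlib.sha512().hexdigest() is exactly 128 lowercase hex characters.
BARE_SHA512_HEX_RE = re.compile(r"^[0-9a-f]{128}$")

GLIBC_DEFAULT_ROUNDS = 5000  # applied when the rounds= field is absent


def classify_stored_hash(stored: str) -> dict:
    """Return the scheme, salt presence and work factor implied by a stored value."""
    m = SHA512_CRYPT_RE.match(stored)
    if m:
        rounds = int(m.group("rounds")) if m.group("rounds") else GLIBC_DEFAULT_ROUNDS
        return {"scheme": "sha512_crypt", "salted": True,
                "rounds": rounds, "salt": m.group("salt")}
    if BARE_SHA512_HEX_RE.match(stored):
        # No salt and a single compression pass: identical passwords yield identical digests.
        return {"scheme": "bare_sha512", "salted": False, "rounds": 1, "salt": None}
    return {"scheme": "unknown", "salted": None, "rounds": None, "salt": None}


def bare_sha512(password: str) -> str:
    """The weak construction: hashlib.sha512 over the password alone."""
    return hashlib.sha512(password.encode()).hexdigest()


def kdf_hash(password: str, salt: bytes = None, rounds: int = 100_000) -> tuple:
    """Salted, iterated derivation (PBKDF2-HMAC-SHA512 as the stand-in for sha512_crypt)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return salt, digest


def kdf_verify(password: str, salt: bytes, expected: bytes, rounds: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def same_password_collides(password: str, salted: bool) -> bool:
    """True if two independent stores of the same password produce the same stored value."""
    if not salted:
        return bare_sha512(password) == bare_sha512(password)
    return kdf_hash(password)[1] == kdf_hash(password)[1]


# Constructed sample values (placeholders, not real credentials):
EXAMPLE_BARE = bare_sha512("correct horse battery staple")
EXAMPLE_CRYPT_DEFAULT = "$6$" + "abcdefghijklmnop" + "$" + "A" * 86
EXAMPLE_CRYPT_ROUNDS = "$6$rounds=10000$" + "saltsalt" + "$" + "B" * 86

if __name__ == "__main__":
    for label, value in [("bare", EXAMPLE_BARE),
                         ("crypt default", EXAMPLE_CRYPT_DEFAULT),
                         ("crypt rounds", EXAMPLE_CRYPT_ROUNDS)]:
        print(label, classify_stored_hash(value))
    print("bare collides:", same_password_collides("pw", salted=False))
    print("kdf collides:", same_password_collides("pw", salted=True))
```

The classifier is deliberately strict about lengths and alphabets so that a truncated or corrupted record falls into `unknown` rather than being mistaken for a sound one; during a migration that is the row you want flagged, not silently accepted.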