Comment 3 for bug 1543048

There's nothing wrong with using SHA-2/512, AS LONG as you use it in a key derivation function (you really just shouldn't use the bare hashing algorithm to secure keys/passwords). I've been going with passlib's pbkdf2_sha512 scheme to great satisfaction in another (non-OpenStack) project, and recommend it highly. Something like:

    passlib.context.CryptContext(all__vary_rounds=0.1, default="pbkdf2_sha512",
        pbkdf2_sha512__default_rounds=1000, schemes=["pbkdf2_sha512"])