Add bcrypt and scrypt to global-requirements

Keystone needs to support better password hashing. The recommended hash
mechanism is either bcrypt or scrypt. Generally speaking, the sha2 based
hashing is widely considered completely insufficient for off-line
bruteforcing. Currently keystone uses sha512_crypt instead of bcrypt
or scrypt. Keystone will be adding support for both bcrypt and scrypt
and ceasing use of sha512_crypt (except for passwords that were already
hashed with sha512_crypt). Use of passlib.hash.bcrypt requires the
bcrypt library; likewise, use of passlib.hash.scrypt requires the
scrypt library.

Both bcrypt and scrypt are actively maintained.

These are the standard libraries used by passlib for the given functions.

Both libraries are released and compatible with python 3.

Bcrypt is Apache2 licensed. Scrypt is BSD-2-clause licensed.

Bcrypt is packaged for Ubuntu and Fedora. Scrypt is packaged for
Ubuntu but not packaged for Fedora.

Passlib recommends bcrypt instead of the alternative options
especially for python3.

Passlib recommends the scrypt library, as the built-in backend is
~100x slower than the packaged version.

These will be required for passwords handled in keystone.

Change-Id: Ia549b0b4d7d6c24f9ba3da6daa04e28e441267f5
Morgan Fainberg 2017-02-23 07:39:42 -08:00
parent c842ed87c4
commit ba99b7a9c6
2 changed files with 4 additions and 0 deletions

@ -9,6 +9,7 @@ autobahn>=0.10.1 # MIT License
automaton>=0.5.0 # Apache-2.0
beautifulsoup4 # MIT
Babel>=2.3.4 # BSD
bcrypt>=3.1.3 # Apache-2.0
betamax>=0.7.0 # Apache-2.0
boto>=2.32.1 # MIT
botocore>=1.0.0 # Apache-2.0
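Review bot: the floor `bcrypt>=3.1.3` in this hunk is not justified anywhere in the commit message, which only says passlib.hash.bcrypt needs the bcrypt library and that bcrypt is packaged for Ubuntu and Fedora. Please state why 3.1.3 is the minimum (for example the first release passlib accepts, or the first with the python3 behaviour the message mentions) and confirm the Ubuntu and Fedora packages the message relies on actually satisfy that floor; otherwise the "packaged for both distros" argument does not hold for this entry. The placement between `Babel>=2.3.4` and `betamax>=0.7.0` and the `# Apache-2.0` tag are consistent with the surrounding lines.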
@ -268,6 +269,7 @@ rtslib-fb>=2.1.43,!=2.1.60,!=2.1.61 # Apache-2.0
ryu>=4.9 # Apache-2.0
semantic_version>=2.3.1 # BSD
fasteners>=0.7 # Apache-2.0
scrypt>=0.8.0 # BSD
simplejson>=2.2.0 # MIT
six>=1.9.0 # MIT
scipy>=0.17.1 # BSD
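Review bot: `scrypt>=0.8.0 # BSD` is added here while the commit message says scrypt is packaged for Ubuntu but not for Fedora, so on Fedora this requirement will be built from source; the change should say what that implies for consumers (a bindep or build-dependency entry, or a note that the passlib built-in scrypt backend remains the fallback, which the message itself says is ~100x slower). As with the bcrypt entry, the minimum version 0.8.0 is not explained; please note where the floor comes from. The message calls the license BSD-2-clause while the tag is `# BSD`, which matches the bare `# BSD` used by `semantic_version` and `scipy` in this hunk, so the tag is fine as written. The position after `fasteners>=0.7` follows the existing (non-alphabetical) order of this region rather than introducing new disorder.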

@ -493,3 +493,5 @@ pytz===2016.10
XStatic-D3===3.5.17.0
sysv-ipc===0.7.0
scikit-learn===0.18.1
bcrypt===3.1.3
scrypt===0.8.0
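Review bot: the two upper-constraints pins `bcrypt===3.1.3` and `scrypt===0.8.0` are identical to the minimum versions added to global-requirements in the other two hunks, so the tested version is frozen at the floor rather than at the current release. Unless these are in fact the latest releases on PyPI at the time of the change, the pins should be set to the newest release (or left for the constraints-generation job to fill in) so that the floor and the ceiling are not the same number. Appending both entries after `scikit-learn===0.18.1` is consistent with the unsorted tail of this file shown in the hunk.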