diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py
index 057dcb6a45e7..96e9d4a2da3c 100644
--- a/nova/virt/disk/api.py
+++ b/nova/virt/disk/api.py
@@ -23,7 +23,6 @@ Includes injection of SSH PGP keys into authorized_keys file.
 
 """
 
-import crypt
 import os
 import random
 import tempfile
@@ -31,6 +30,7 @@ import tempfile
 from oslo_concurrency import processutils
 from oslo_log import log as logging
 from oslo_serialization import jsonutils
+from oslo_utils import secretutils
 
 import nova.conf
 from nova import exception
@@ -631,9 +631,13 @@ def _set_passwd(username, admin_passwd, passwd_data, shadow_data):
     # md5 is the default because it's widely supported. Although the
     # local crypt() might support stronger SHA, the target instance
     # might not.
-    encrypted_passwd = crypt.crypt(admin_passwd, algos['MD5'] + salt)
+    encrypted_passwd = secretutils.crypt_password(
+        admin_passwd, algos['MD5'] + salt
+    )
     if len(encrypted_passwd) == 13:
-        encrypted_passwd = crypt.crypt(admin_passwd, algos['DES'] + salt)
+        encrypted_passwd = secretutils.crypt_password(
+            admin_passwd, algos['DES'] + salt
+        )
 
     p_file = passwd_data.split("\n")
     s_file = shadow_data.split("\n")
diff --git a/requirements.txt b/requirements.txt
index 80d4c1ec735b..df81e074fa8c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -38,7 +38,7 @@ oslo.limit>=1.5.0 # Apache-2.0
 oslo.reports>=1.18.0 # Apache-2.0
 oslo.serialization>=4.2.0 # Apache-2.0
 oslo.upgradecheck>=1.3.0
-oslo.utils>=7.4.0 # Apache-2.0
+oslo.utils>=8.0.0 # Apache-2.0
 oslo.db>=10.0.0 # Apache-2.0
 oslo.rootwrap>=5.15.0 # Apache-2.0
 oslo.messaging>=14.1.0 # Apache-2.0