[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie
authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Mon Nov 19 21:13:07 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-----------------------+----------------------------------------------------
Reporter: sjmurdoch | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: |
-----------------------+----------------------------------------------------
Changes (by ryan):
* milestone: => 2.4
Comment:
Would phpass [1] for salting and hashing passwords plus a two-way salted
encryption (such as [2]) on cookies be good enough? Are there more
contemporary libraries to consider that are portable enough for WP's
needs?
[1] http://www.openwall.com/phpass/
[2] http://www.tonymarston.net/php-mysql/encryption.html#2004-08-27
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list