[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing

WordPress Trac noreply at wordpress.org
Wed Nov 7 20:12:43 UTC 2012


#21022: Allow bcrypt to be enabled via filter for pass hashing
------------------------------------+------------------------------
 Reporter:  th23                    |       Owner:
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Security                |     Version:  3.4
 Severity:  normal                  |  Resolution:
 Keywords:  dev-feedback has-patch  |
------------------------------------+------------------------------

Comment (by ryanhellyer):

 This seems like something best switched over once PHP 5.3 is the required
 version. Otherwise there is a risk that someone needs to move a site from
 a server running one version of PHP supported by WordPress, but on moving
 to another server with a version of PHP supported then it may break due to
 the password hashing algorithm being missing.

 PHPPass doesn't seem to be inherently insecure in itself, so there is no
 urgent need to change. Moving eventually is obviously a good idea, but I'm
 not convinced that now is the appropriate time.

 Immediate solution ... bump the PHP requirement to 5.3 ;)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:17>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list