[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Wed Oct 7 16:53:55 UTC 2015
#21022: Allow bcrypt to be enabled via filter for pass hashing
---------------------------------------------+-----------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
Component: Security | Review
Severity: normal | Version: 3.4
Keywords: 2nd-opinion 3.6-early has-patch | Resolution:
| Focuses:
---------------------------------------------+-----------------------------
Comment (by mark8barnes):
Replying to [comment:51 mojorob]:
>Therefore is it not possible to have a check if PHP is => 5.5.0 then use
the native password hashing functions? (password_hash etc.)
That's not the worry. The worry is that if this is enabled for PHP 5.5+,
then someone downgrades from PHP 5.5 to PHP 5.3, then bcrypt will no
longer work, and people won't be able to log-in without resetting their
passwords.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:52>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list