[wp-hackers] Should password hashing portability be configurable?
Harry Metcalfe
harry at dxw.com
Wed Nov 7 14:18:35 UTC 2012
I've been investigating switching the sites we host to bcrypt, rather
than MD5, which is the default. That MD5 is the default is regrettable
but understandable given WordPress's need to remain portable. I
understand that if the site was moved to a server without bcrypt
support, those accounts would no longer be accessible. However, if that
is not a consideration, it would surely be better for people to use
bcrypt than MD5.
I was going to make change on our sites by switching the portable flags
in wp_check_password and wp_hash_password to false, after moving those
functions into a plugin. This makes new passwords bcrypt and maintains
backwards compatibility for passwords hashed using MD5. However, it
misses the hashes which are created for password-protected posts, which
happens in a function that is not pluggable.
I've therefore created a global $wp_hasher instance (without
portability) in a plugin, which I think should get called before
WordPress has a chance to make it.
Questions:
1. Is that right? Is there a scenario where WordPress will make a
wp_hasher before my mu plugin gets loaded, thereby preventing
someone from logging in?
2. Is it worth adding a WP_UNPORTABLE_PASSWORDS define so that people
who want to make the switch can do so without having to fiddle with
wp_hasher?
Harry
More information about the wp-hackers
mailing list