[wp-hackers] Should password hashing portability be configurable?

Harry Metcalfe harry at dxw.com
Wed Nov 7 18:41:03 UTC 2012


I've packaged this up as a stand-alone plugin if anyone wants to have a 
look/test.

https://github.com/dxw/wp_bcrypt

Feedback very welcome.

Harry


PS - you might want to test it using Whippet :)

https://github.com/dxw/whippet



On 07/11/12 14:18, Harry Metcalfe wrote:
> I've been investigating switching the sites we host to bcrypt, rather 
> than MD5, which is the default. That MD5 is the default is regrettable 
> but understandable given WordPress's need to remain portable. I 
> understand that if the site was moved to a server without bcrypt 
> support, those accounts would no longer be accessible. However, if 
> that is not a consideration, it would surely be better for people to 
> use bcrypt than MD5.
>
> I was going to make the change on our sites by switching the portable 
> flags in wp_check_password and wp_hash_password to false, after moving 
> those functions into a plugin. This makes new passwords bcrypt and 
> maintains backwards compatibility for passwords hashed using MD5. 
> However, it misses the hashes which are created for password-protected 
> posts, which happens in a function that is not pluggable.
>
> I've therefore created a global $wp_hasher instance (without 
> portability) in a plugin, which I think should get called before 
> WordPress has a chance to make it.
>
> Questions:
>
> 1. Is that right? Is there a scenario where WordPress will make a
>    wp_hasher before my mu plugin gets loaded, thereby preventing
>    someone from logging in?
> 2. Is it worth adding a WP_UNPORTABLE_PASSWORDS define so that people
>    who want to make the switch can do so without having to fiddle with
>    wp_hasher?
>
> Harry
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
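An added example of the approach the thread describes, written here for illustration; it is not the dxw/wp_bcrypt plugin and not WordPress core. It is a must-use plugin that defines the pluggable wp_hash_password and wp_check_password with the portable flag off and creates the global $wp_hasher up front, so the non-pluggable password-protected-post path that only tests empty( $wp_hasher ) picks it up too. It assumes that mu-plugins are included before wp-includes/pluggable.php (which is what the global trick relies on), that PHP is 5.6 or newer for hash_equals(), and it uses the WP_UNPORTABLE_PASSWORDS constant the post proposes, which is not a core define. The dxw_example_hasher() name is made up for this example. It goes one step beyond the post by rehashing any valid non-bcrypt hash on the next successful login, and by warning when the PHP build lacks bcrypt, because PasswordHash falls back to portable $P$ hashes silently in that case.

```php
<?php
/*
Plugin Name: Non-portable password hashing (added example)
Description: Drop into wp-content/mu-plugins/. Overrides the pluggable password
             functions so new hashes are bcrypt while stored MD5 and $P$ hashes
             keep validating and are upgraded on the next successful login.
*/

// WP_UNPORTABLE_PASSWORDS is the constant proposed in the thread, not a core
// WordPress define. Set it in wp-config.php; it defaults to true here.
if ( ! defined( 'WP_UNPORTABLE_PASSWORDS' ) ) {
	define( 'WP_UNPORTABLE_PASSWORDS', true );
}

// PasswordHash silently falls back to portable $P$ hashes when crypt() has no
// bcrypt support, so surface that instead of assuming the switch happened.
if ( WP_UNPORTABLE_PASSWORDS && ( ! defined( 'CRYPT_BLOWFISH' ) || ! CRYPT_BLOWFISH ) ) {
	trigger_error( 'WP_UNPORTABLE_PASSWORDS is set but PHP was built without CRYPT_BLOWFISH', E_USER_WARNING );
}

/**
 * Create (once) and return the shared hasher. Because mu-plugins are included
 * before wp-includes/pluggable.php, the global is already populated when core
 * code that only tests empty( $wp_hasher ), such as the password-protected post
 * check, first touches it.
 */
function dxw_example_hasher() {
	global $wp_hasher;
	if ( empty( $wp_hasher ) ) {
		require_once ABSPATH . WPINC . '/class-phpass.php';
		// Second argument is the "portable" flag: false prefers crypt() bcrypt ($2a$).
		$wp_hasher = new PasswordHash( 8, ! WP_UNPORTABLE_PASSWORDS );
	}
	return $wp_hasher;
}
dxw_example_hasher();

if ( ! function_exists( 'wp_hash_password' ) ) {
	function wp_hash_password( $password ) {
		return dxw_example_hasher()->HashPassword( trim( $password ) );
	}
}

if ( ! function_exists( 'wp_check_password' ) ) {
	function wp_check_password( $password, $hash, $user_id = '' ) {
		$hasher = dxw_example_hasher();

		if ( strlen( $hash ) <= 32 ) {
			// Pre-2.5 raw MD5 hash. hash_equals() needs PHP 5.6 or newer.
			$check = hash_equals( $hash, md5( $password ) );
		} else {
			// CheckPassword() verifies its own $P$/$H$ hashes itself and hands
			// anything else ($2a$ bcrypt included) to crypt(), so old and new
			// hashes both keep working.
			$check = $hasher->CheckPassword( $password, $hash );
		}

		// Opportunistic upgrade: a valid hash that is not already bcrypt is
		// rehashed with the current scheme while the plaintext is available.
		if ( $check && $user_id && WP_UNPORTABLE_PASSWORDS && strncmp( $hash, '$2', 2 ) !== 0 ) {
			wp_set_password( $password, $user_id );
			$hash = wp_hash_password( $password );
		}

		return apply_filters( 'check_password', $check, $password, $hash, $user_id );
	}
}
```

After installing it, confirm the switch actually took effect by inspecting a freshly set password in the users table: the user_pass value should begin with `$2a$08$` rather than `$P$B`. If it still starts with `$P$`, the PHP build has no bcrypt and the warning above should have fired.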


