[wp-hackers] Should password hashing portability be configurable?

Harry Metcalfe harry at dxw.com
Wed Nov 7 19:22:05 UTC 2012

> The underlying cryptographic hash function is pretty much
> irrelevant to the concept of password storage.
As far as choosing between MD5/SHA256/similar, I agree. But bcrypt is 

> Unless the hash algorithm is extremely slow, [...]
This is exactly the point. bcrypt is, by design, very slow. And it can 
be adjusted to make it slower as computing power becomes cheaper. More:


More information about the wp-hackers mailing list