[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Tue Feb 11 11:12:19 UTC 2025
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner:
| johnbillion
Type: enhancement | Status: accepted
Priority: normal | Milestone: 6.8
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-unit- | Focuses:
tests |
-------------------------------------------------+-------------------------
Comment (by johnbillion):
In [changeset:"59803" 59803]:
{{{
#!CommitTicketReference repository="" revision="59803"
Security: Explicitly require the `hash` PHP extension and add requirement
checks during installation and upgrade.
This extension provides the `hash()` function and support for the SHA-256
algorithm, both of which are required for upcoming security related
changes. This extension is almost universally enabled, however it is
technically possible to disable it on PHP 7.2 and 7.3, hence the
introduction of this requirement and the corresponding requirement checks
prior to installing or upgrading WordPress.
Props peterwilsoncc, ayeshrajans, dd32, SergeyBiryukov, johnbillion.
Fixes #60638, #62815, #56017
See #21022
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:218>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list