[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Mon Feb 17 11:22:49 UTC 2025
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: johnbillion
Type: enhancement | Status: closed
Priority: normal | Milestone: 6.8
Component: Security | Version: 3.4
Severity: normal | Resolution: fixed
Keywords: has-patch needs-testing has-unit-tests | Focuses:
-------------------------------------------------+-------------------------
Changes (by johnbillion):
* status: accepted => closed
* resolution: => fixed
Comment:
In [changeset:"59828" 59828]:
{{{
#!CommitTicketReference repository="" revision="59828"
Security: Switch to using bcrypt for hashing user passwords and BLAKE2b
for hashing application passwords and security keys.

Passwords and security keys that were saved in prior versions of WordPress
will continue to work. Each user's password will be opportunistically
rehashed and resaved when they next subsequently log in using a valid
password.

The following new functions have been introduced:

* `wp_password_needs_rehash()`
* `wp_fast_hash()`
* `wp_verify_fast_hash()`

The following new filters have been introduced:

* `password_needs_rehash`
* `wp_hash_password_algorithm`
* `wp_hash_password_options`

Props ayeshrajans, bgermann, dd32, deadduck169, desrosj, haozi, harrym,
iandunn, jammycakes, joehoyle, johnbillion, mbijon, mojorob, mslavco,
my1xt, nacin, otto42, paragoninitiativeenterprises, paulkevan, rmccue,
ryanhellyer, scribu, swalkinshaw, synchro, th23, timothyblynjacobs,
tomdxw, westi, xknown.

Additional thanks go to the Roots team, Soatok, Calvin Alkan, and Raphael
Ahrens.

Fixes #21022, #44628
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:221>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
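
The opportunistic rehash on login that the commit message describes follows a general pattern, shown here as an added example that is not WordPress core code and not part of the changeset. It assumes PHP 8 and uses PHP's native `password_*` functions rather than the `wp_*` functions named above; the `legacy$` hash format, the function names and the cost of 12 are constructed for illustration.

```php
<?php
// Added example, not WordPress core code. The "legacy$" scheme is a constructed
// stand-in for whatever older hash format a site still has stored.

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed work factor for this demo

function legacy_hash(string $password, string $salt): string {
    return 'legacy$' . $salt . '$' . hash('sha256', $salt . $password);
}

// Verify against whichever scheme produced the stored hash.
function verify_any(string $password, string $stored): bool {
    if (str_starts_with($stored, 'legacy$')) {
        [, $salt] = explode('$', $stored, 3);
        // hash_equals() compares in constant time.
        return hash_equals($stored, legacy_hash($password, $salt));
    }
    return password_verify($password, $stored);
}

function needs_rehash(string $stored): bool {
    // True for any hash that is not bcrypt, and for bcrypt at a different cost.
    return password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

// Returns true on a valid login; upgrades the stored hash as a side effect.
function login(array &$users, string $name, string $password): bool {
    $stored = $users[$name] ?? null;
    if ($stored === null || !verify_any($password, $stored)) {
        return false; // a failed check must never trigger a rehash
    }
    if (needs_rehash($stored)) {
        // The plaintext is only available here, so this is where the upgrade happens.
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return true;
}

// Constructed sample data: one account still stored in the legacy format.
$users = ['alice' => legacy_hash('correct horse', 'c0ffee')];

var_dump(login($users, 'alice', 'wrong guess'));        // failed login
var_dump(str_starts_with($users['alice'], 'legacy$'));  // stored hash untouched
var_dump(login($users, 'alice', 'correct horse'));      // valid login, triggers upgrade
var_dump(str_starts_with($users['alice'], '$2y$12$'));  // stored hash is now bcrypt
var_dump(login($users, 'alice', 'correct horse'));      // upgraded hash still verifies
```

Accounts that never log in again keep their old hash under this pattern, so the legacy verifier has to stay in place for as long as such hashes exist.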