[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes

WordPress Trac noreply at wordpress.org
Wed Feb 19 16:43:05 UTC 2025


#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
 Reporter:  th23                                 |       Owner:
                                                 |  johnbillion
     Type:  enhancement                          |      Status:  reopened
 Priority:  normal                               |   Milestone:  6.8
Component:  Security                             |     Version:  3.4
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch needs-testing has-unit-    |     Focuses:
  tests has-dev-note                             |
-------------------------------------------------+-------------------------

Comment (by paragoninitiativeenterprises):

 I would not be opposed to making 6.8 support bcrypt, then 6.9 ''use''
 bcrypt. This two-putt migration will prevent the kind of lockout caused by
 a downgrade.

 > Don't let non-working passwords after a rollback to 6.7 (or earlier) be
 > a showstopper for deploying the much-anticipated improvement to the
 > password hashing method.

 I don't think we need to worry about 6.7 or earlier. Two-putt migrations
 (first, make it so everyone can read, then make it so that anyone can
 write) are the platonic ideal for avoiding split-brain states when working
 with a protocol upgrade in any distributed system--especially one where
 you do not control all of the clients.

 But we don't necessarily need to do this across 6.8/6.9 specifically.

 For example, adding the ability to read new password hashes in 6.7.x (for
 some value of x) and then writing them in 6.8 would work too, if such a
 change is tenable by the version policies and timelines for the next major
 version.

 If the WordPress community wants to avoid the edge case of someone
 upgrading to 6.8 then rolling back their upgrade (and then risking being
 locked out if they re-hashed their password), the two-putt approach is
 ideal and doesn't keep the ecosystem bogged down forever.

 But if that's the decision, stretching this consideration further back
 (e.g. supporting users that roll all the way back to 6.7.0 or 6.6.x) would
 be inadvisable.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:229>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
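The read-then-write ("two-putt") migration described in the comment above, as an added PHP example that is not WordPress core code: the function names, the `$writePhase` flag and the demo salt are assumptions, and `phpass_hash()` is a re-implementation of the public phpass algorithm behind WordPress's `$P$` hashes.

```php
<?php
// Phase 1 ("read"): every node verifies both phpass and bcrypt but still writes phpass.
// Phase 2 ("write"): nodes also rehash to bcrypt after a successful login.
// A rollback to a phase-1 release still verifies bcrypt hashes, so nobody is locked out.
const PHPASS_ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
// Re-implementation of phpass crypt_private(): iterated MD5 over salt+password,
// then phpass's own 6-bit encoding of the 16 raw digest bytes.
function phpass_hash(string $password, string $setting): ?string {
    $id = substr($setting, 0, 3);
    if (($id !== '$P$' && $id !== '$H$') || strlen($setting) < 12) return null;
    $log2 = strpos(PHPASS_ITOA64, $setting[3]);
    if ($log2 === false || $log2 < 7 || $log2 > 30) return null;
    $count = 1 << $log2;
    $salt = substr($setting, 4, 8);
    $hash = md5($salt . $password, true);
    do { $hash = md5($hash . $password, true); } while (--$count);
    $out = '';
    for ($i = 0; $i < 16; $i += 3) {
        $v = ord($hash[$i]);
        if ($i + 1 < 16) $v |= ord($hash[$i + 1]) << 8;
        if ($i + 2 < 16) $v |= ord($hash[$i + 2]) << 16;
        $chars = min(4, 16 - $i + 1);   // 3 bytes -> 4 chars, the last lone byte -> 2 chars
        for ($c = 0; $c < $chars; $c++) $out .= PHPASS_ITOA64[($v >> (6 * $c)) & 0x3f];
    }
    return substr($setting, 0, 12) . $out;
}
function is_bcrypt(string $hash): bool {
    return strncmp($hash, '$2y$', 4) === 0;
}
// Returns [ok, newHash]; newHash is non-null only when the stored hash should be replaced.
function check_and_migrate(string $password, string $stored, bool $writePhase): array {
    if (is_bcrypt($stored)) {
        return [password_verify($password, $stored), null];
    }
    $computed = phpass_hash($password, $stored);
    if ($computed === null || !hash_equals($computed, $stored)) {
        return [false, null];
    }
    // Legacy hash verified; upgrade it only once the whole fleet can read bcrypt.
    return [true, $writePhase ? password_hash($password, PASSWORD_BCRYPT) : null];
}
// Constructed demo: a phpass hash made on the spot ($P$B = 8192 rounds; demo salt only).
$legacy = phpass_hash('correct horse', '$P$B' . substr(str_shuffle(PHPASS_ITOA64), 0, 8));
[$ok1, $upgraded] = check_and_migrate('correct horse', $legacy, true);    // phase 2: rehashes
[$ok2, $none]     = check_and_migrate('correct horse', $legacy, false);   // phase 1: reads only
[$ok3]            = check_and_migrate('correct horse', $upgraded, false); // phase-1 node reads bcrypt
var_dump($ok1 && is_bcrypt($upgraded), $ok2 && $none === null, $ok3);     // bool(true) x3
```

Rolling a phase-2 node back to phase 1 is safe because the bcrypt hashes it wrote are still readable; rolling back past phase 1 is the lockout case the comment warns about.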