[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Thu Feb 20 15:53:23 UTC 2025
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: johnbillion
Type: enhancement | Status: reopened
Priority: normal | Milestone: 6.8
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-unit-tests has-dev-note | Focuses:
-------------------------------------------------+-------------------------
Comment (by johnbillion):
I suppose for completeness' sake there is a third option regarding the
`user_activation_key` field, if it's absolutely necessary, which is to
revert the switch from phpass to BLAKE2b for security keys. It was a side
effect of the original proposal to switch these to bcrypt before deciding
they should use a fast hash instead. But that's a bunch of work which IMHO
is unnecessary to handle this edge case.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:233>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform