[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Fri Feb 28 18:52:00 UTC 2025
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner:
| johnbillion
Type: enhancement | Status: reopened
Priority: normal | Milestone: 6.8
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-unit- | Focuses:
tests has-dev-note |
-------------------------------------------------+-------------------------
Comment (by johnbillion):
In [changeset:"59893" 59893]:
{{{
#!CommitTicketReference repository="" revision="59893"
Security: Reintroduce support for passwords hashed with MD5.
This reinstates the ability for a user to log in to an account where the
password is hashed using MD5. This means that the ability to reset a
password directly in the database using an SQL query or a database
administration tool will be retained without the need to implement or
integrate with bcrypt or phpass.
A password hashed with MD5 will get upgraded to bcrypt at the point where
a user successfully logs in, just as is the case with a phpass hash.
Props audrasjb, aaronjorbin, johnbillion, david-innes, benniledl.
See #21022.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:247>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list