[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Mon Mar 3 09:49:53 UTC 2025
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
 Reporter:  th23                                 |       Owner:  johnbillion
     Type:  enhancement                          |      Status:  closed
 Priority:  normal                               |   Milestone:  6.8
Component:  Security                             |     Version:  3.4
 Severity:  normal                               |  Resolution:  fixed
 Keywords:  has-patch needs-testing              |     Focuses:
  has-unit-tests has-dev-note commit             |
-------------------------------------------------+-------------------------
Changes (by johnbillion):
* status: reopened => closed
* resolution: => fixed
Comment:
In [changeset:"59904" 59904]:
{{{
#!CommitTicketReference repository="" revision="59904"
Security: Reduce the length of the hash returned by `wp_fast_hash()` so it
can be used in the `user_activation_key` field when a legacy database
schema is still in use.

This reduces the hash length from 32 bytes to 30 so the overall length of
an activation key after encoding, prefixing, and prepending a timestamp
fits into 60 bytes.

A key is also introduced for domain separation. This doesn't affect the
output length.

Props dd32, paragoninitiativeenterprises, peterwilsoncc, johnbillion

Fixes #21022
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:251>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
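
The length budget described in the commit message above, worked through as an added Python example (not WordPress code and not part of the original message). Assumptions not stated in the message: a BLAKE2b hash, URL-safe base64 without padding, a `$generic$` prefix, a 10-digit Unix timestamp joined with `:`, and a placeholder key value.

```python
import base64
import hashlib

FIELD_LIMIT = 60                 # byte budget stated in the commit message
PREFIX = "$generic$"             # assumed hash-type prefix (9 bytes)
DOMAIN_KEY = b"example-domain-separation-key"  # constructed placeholder key
SAMPLE_TIMESTAMP = 1740995393    # constructed 10-digit Unix timestamp


def fast_hash(message: bytes, digest_size: int, key: bytes = b"") -> str:
    """Keyed BLAKE2b digest, base64url-encoded without padding, then prefixed."""
    digest = hashlib.blake2b(message, digest_size=digest_size, key=key).digest()
    encoded = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return PREFIX + encoded


def activation_key(message: bytes, digest_size: int, key: bytes = b"",
                   timestamp: int = SAMPLE_TIMESTAMP) -> str:
    """Value as it would be stored: '<timestamp>:<prefixed hash>'."""
    return f"{timestamp}:{fast_hash(message, digest_size, key)}"


def fits(stored: str) -> bool:
    """True when the stored value fits the 60-byte legacy column budget."""
    return len(stored.encode("ascii")) <= FIELD_LIMIT


def budget_report(message: bytes = b"constructed-reset-token") -> dict:
    """Map digest size -> (stored length, fits?) for the old and new sizes."""
    report = {}
    for size in (32, 30):
        stored = activation_key(message, size, DOMAIN_KEY)
        report[size] = (len(stored), fits(stored))
    return report


if __name__ == "__main__":
    for size, (length, ok) in budget_report().items():
        print(f"{size}-byte digest -> {length} bytes stored, fits: {ok}")
    # The key changes the digest (domain separation) but not its length.
    keyed = fast_hash(b"constructed-reset-token", 30, DOMAIN_KEY)
    unkeyed = fast_hash(b"constructed-reset-token", 30)
    print(keyed != unkeyed, len(keyed) == len(unkeyed))
```

Under these assumptions a 30-byte digest encodes to exactly 40 characters, because 30 is a multiple of 3 and base64 needs no padding, which leaves room for the prefix and timestamp within the budget.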