[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes

WordPress Trac noreply at wordpress.org
Wed Mar 26 17:24:20 UTC 2025 

#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
 Reporter:  th23                                 |       Owner:
                                                 |  johnbillion
     Type:  enhancement                          |      Status:  reopened
 Priority:  normal                               |   Milestone:  6.8
Component:  Security                             |     Version:  3.4
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch needs-testing has-unit-    |     Focuses:
  tests has-dev-note                             |
-------------------------------------------------+-------------------------
Changes (by desrosj):

 * keywords:  has-patch needs-testing has-unit-tests has-dev-note commit =>
     has-patch needs-testing has-unit-tests has-dev-note
 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 While looking through the Hosting Test reports prior to RC1, I noticed
 that there is [https://make.wordpress.org/hosting/test-
 results/r59893/xserverbot-r59893-7-4-mysql-ver-15-1-distrib-10-5-22
 -mariadb-for-linux-x86_64-using-editline-wrapper/ at least one host] where
 a few tests are failing after [59893] because Argon2i and Argon2id are not
 supported.

 I'm reopening this for tracking purposes so this can be properly
 considered prior to 6.8being released on April 15.

 From @johnbillion
 [https://wordpress.slack.com/archives/C02RQBWTW/p1742919367257249?thread_ts=1742918929.933419&cid=C02RQBWTW
 on Slack]:

 > So the `fail()` method is being called because the test environment
 doesn't support argon2. We've had some discussions in the past about
 whether this situation should result in a test failure or a test skipped,
 the latter being risky because it's not very visible if, for example, the
 PHP build used on GitHub Actions suddenly stopped supporting something
 that the test depends on. I'll have a think.

 So far, I've only seen 2 unique hosts reporting this failure out of the 25
 total that have submitted results since. The answer very well could be
 "you need to add support".

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:252>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list