[wp-trac] [WordPress Trac] #63457: WordPress 6.8 will fail creating bcrypt when entropy sources are not available
WordPress Trac
noreply at wordpress.org
Sat May 17 17:04:41 UTC 2025
#63457: WordPress 6.8 will fail creating bcrypt when entropy sources are not
available
-------------------------------+------------------------------
Reporter: isgroup | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.8
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
-------------------------------+------------------------------
Changes (by johnbillion):
* keywords: bcrypt => reporter-feedback
* component: Users => Security
Comment:
Thanks for the report @isgroup. This sounds like a pretty serious problem
with the hosting environment because all manner of CSPRNGs and related
cryptographic functionality relies on `/dev/urandom`.
* What is the use case for running a system where `/dev/urandom` is not
available? What is the source of randomness in this case?
* Which version of PHP are you using? The PHP documentation implies that
this error should throw an exception when using PHP 8, but it's not
entirely clear.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63457#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list