[wp-hackers] Should password hashing portability be configurable?
cloudpresshosting at gmail.com
Wed Nov 7 18:47:04 UTC 2012
To make sure I am understanding you are you saying account passwords are
hashed with MD5? I would certainly hope not.
On Wed, Nov 7, 2012 at 6:18 AM, Harry Metcalfe <harry at dxw.com> wrote:
> I've been investigating switching the sites we host to bcrypt, rather than
> MD5, which is the default. That MD5 is the default is regrettable but
> understandable given WordPress's need to remain portable. I understand that
> if the site was moved to a server without bcrypt support, those accounts
> would no longer be accessible. However, if that is not a consideration, it
> would surely be better for people to use bcrypt than MD5.
> I was going to make the change on our sites by switching the portable flags in
> wp_check_password and wp_hash_password to false, after moving those
> functions into a plugin. This makes new passwords bcrypt and maintains
> backwards compatibility for passwords hashed using MD5. However, it misses
> the hashes which are created for password-protected posts, which happens in
> a function that is not pluggable.
> I've therefore created a global $wp_hasher instance (without portability)
> in a plugin, which I think should get called before WordPress has a chance
> to make it.
> 1. Is that right? Is there a scenario where WordPress will make a
> wp_hasher before my mu plugin gets loaded, thereby preventing
> someone from logging in?
> 2. Is it worth adding a WP_UNPORTABLE_PASSWORDS define so that people
> who want to make the switch can do so without having to fiddle with
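The mu-plugin approach described in the quoted message, written out as an added example (not code from this thread or from WordPress core): it creates the global $wp_hasher without portable hashes as soon as the mu-plugin loads, overrides the two pluggable functions so MD5 and portable phpass hashes keep verifying, and flags hosts where bcrypt is missing. It assumes WordPress's bundled PasswordHash class in class-phpass.php; the example_ function names are hypothetical.

```php
<?php
// Create the global hasher as soon as this mu-plugin is included, i.e. before
// pluggable.php loads, so core never lazily creates a portable one itself.
function example_bcrypt_init_hasher() {
    global $wp_hasher;
    if ( empty( $wp_hasher ) ) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        // false = do not force portable (MD5-based) hashes; phpass then uses
        // crypt() bcrypt when CRYPT_BLOWFISH is available.
        $wp_hasher = new PasswordHash( 8, false );
    }
    return $wp_hasher;
}
example_bcrypt_init_hasher();

// Deployment check: without CRYPT_BLOWFISH phpass silently falls back to weaker
// hashes for new passwords and cannot verify existing $2a$ hashes at all.
function example_bcrypt_available() {
    return defined( 'CRYPT_BLOWFISH' ) && CRYPT_BLOWFISH == 1;
}
if ( ! example_bcrypt_available() ) {
    add_action( 'admin_notices', function () {
        echo '<div class="error"><p>bcrypt (CRYPT_BLOWFISH) is unavailable on this '
           . 'server; bcrypt-hashed accounts cannot log in here.</p></div>';
    } );
}

if ( ! function_exists( 'wp_hash_password' ) ) :
function wp_hash_password( $password ) {
    return example_bcrypt_init_hasher()->HashPassword( trim( $password ) );
}
endif;

if ( ! function_exists( 'wp_check_password' ) ) :
function wp_check_password( $password, $hash, $user_id = '' ) {
    // Legacy plain-MD5 hashes (32 hex chars): verify, then rehash with bcrypt.
    if ( strlen( $hash ) <= 32 ) {
        $check = ( $hash === md5( $password ) );
        if ( $check && $user_id ) {
            wp_set_password( $password, $user_id );
            $hash = wp_hash_password( $password );
        }
        return apply_filters( 'check_password', $check, $password, $hash, $user_id );
    }
    // CheckPassword verifies both portable ($P$) and bcrypt ($2a$) hashes, so
    // accounts hashed before the switch keep working.
    $check = example_bcrypt_init_hasher()->CheckPassword( $password, $hash );
    return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}
endif;
```

Drop the file into wp-content/mu-plugins/; after the switch, hashes in wp_users.user_pass for newly set passwords start with `$2a$` instead of `$P$`.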