[wp-trac] Re: [WordPress Trac] #2394: Passwords are stored in an insecure un-salted form
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 29 07:32:49 GMT 2007
#2394: Passwords are stored in an insecure un-salted form
------------------------------------------------------------+-------------------
Reporter: sjmurdoch                                         | Owner: pishmishy
Type: defect                                                | Status: assigned
Priority: normal                                            | Milestone: 2.4
Component: Security                                         | Version: 2.0
Severity: normal                                            | Resolution:
Keywords: has-patch salt password md5 phpass needs-testing  |
------------------------------------------------------------+-------------------
Comment (by ryan):

I modified 2394-phpass.patch to abstract password hashing and checking
into functions -- wp_check_password() and wp_hash_password(). These
functions are pluggable so if someone doesn't like phpass they can plug in
their own hasher.

Also, upon successful login using a plaintext password, old hashes are
replaced with phpass hashes.

--
Ticket URL: <http://trac.wordpress.org/ticket/2394#comment:21>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
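
The upgrade-on-login behaviour described in the comment above, as an added example that is not part of the original message or of 2394-phpass.patch. The example_* function names, the in-memory user record and the sample password are hypothetical, and PHP's built-in password_hash() stands in for phpass as the salted hasher.

```php
<?php
// Added example: names, the in-memory user record and the sample password are
// constructed. password_hash() stands in for phpass as the salted hasher.

// Pluggable pattern: define the hasher only if nothing else defined it first.
if (!function_exists('example_hash_password')) {
    function example_hash_password(string $password): string {
        return password_hash($password, PASSWORD_DEFAULT); // salted, slow hash
    }
}

// A legacy hash here is a bare 32-character hex MD5 digest with no salt.
function example_is_legacy_hash(string $stored): bool {
    return strlen($stored) === 32 && ctype_xdigit($stored);
}

// Check a login attempt; on success against a legacy hash, replace it in $user.
function example_check_password(string $password, array &$user): bool {
    $stored = $user['pass'];
    if (example_is_legacy_hash($stored)) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // The plaintext is only available at login, so upgrade the hash now.
        $user['pass'] = example_hash_password($password);
        return true;
    }
    return password_verify($password, $stored);
}

// Constructed sample record holding an old unsalted MD5 hash.
$user = ['login' => 'alice', 'pass' => md5('correct horse')];

var_dump(example_check_password('wrong guess', $user));   // failed login
var_dump(example_is_legacy_hash($user['pass']));          // stored hash untouched
var_dump(example_check_password('correct horse', $user)); // successful login
var_dump(example_is_legacy_hash($user['pass']));          // stored hash replaced
var_dump(example_check_password('correct horse', $user)); // checked against new hash
```

Accounts that never log in again keep their unsalted hash, so a migration of this kind leaves the old digests in the database until each user's next successful login.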