[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Wed Nov 7 21:33:17 UTC 2012
#21022: Allow bcrypt to be enabled via filter for pass hashing
------------------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: dev-feedback has-patch |
------------------------------------+------------------------------
Comment (by harrym):
Replying to [comment:17 ryanhellyer]:
> Otherwise there is a risk that someone needs to move a site from a
server running one version of PHP supported by WordPress, but on moving to
another server with a version of PHP supported then it may break due to
the password hashing algorithm being missing.
Surely this risk is minute? You'd have to move from a server running 5.3.x
to one running 5.2.x. And it's trivially solvable by changing your
password.
What's involved in increasing the requirement from 5.2 to 5.3? That feels
non-trivial.
Replying to [comment:18 westi]:
> I think we should do this, and I think we should make the password re-
encrypting code upgrade to a bcrypted password on login like we do for
md5.
That's exactly what the plugin does (linked above) although I didn't
include that in the patch. Happy to resubmit if it's looking likely to be
accepted?
By "this" did you mean wait for 5.3 or change it now?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:20>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list