[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing

WordPress Trac noreply at wordpress.org
Sat Jan 2 01:44:31 UTC 2016


#21022: Allow bcrypt to be enabled via filter for pass hashing
---------------------------------------------+-----------------------------
 Reporter:  th23                             |       Owner:
     Type:  enhancement                      |      Status:  new
 Priority:  normal                           |   Milestone:  Awaiting
Component:  Security                         |  Review
 Severity:  normal                           |     Version:  3.4
 Keywords:  2nd-opinion has-patch 4.5-early  |  Resolution:
                                             |     Focuses:
---------------------------------------------+-----------------------------

Comment (by Otto42):

 I agree that this is a UX thing, and giving solid reasoning and
 information to the user about why is important.

 If the password-hash is detectable (via length or header), then this is
 possible. 3 months ago, we didn't have PHP 7 getting adopted, or 4.4 with
 increased length password fields. This seems doable now, but maybe making
 the password hash mechanism more generic and pluggable is the way forward?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:69>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list