[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Wed Mar 13 22:22:23 UTC 2019
#21022: Allow bcrypt to be enabled via filter for pass hashing
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: 2nd-opinion has-patch needs-testing | Focuses:
5.0-early dev-feedback |
-------------------------------------------------+-------------------------
Comment (by Otto42):
It is worth noting that switching to password_hash would effectively limit
password lengths to 72 bytes (the bcrypt algorithm ignores the rest, so
PHP truncates the password to that length).
This should be discussed, as the last time we limited password lengths, we
limited it to 4096 bytes.
I'm for switching to password_hash, BTW. Just thought this should be
known.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:104>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list