[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Sun Dec 11 22:25:00 UTC 2022
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: Security | Version: 3.4
Severity: major | Resolution:
Keywords: 2nd-opinion has-patch needs-testing | Focuses:
dev-feedback |
-------------------------------------------------+-------------------------
Comment (by stgoos):
Replying to [comment:129 my1xt]:
> @stgoos fullly agree over here, although considering we are 7.4 already
and in fact PHP7 as a whole is EOL by now, so the next version might as
well be PHP8+ why not just skip bcrypt and go all-out with argon2id?
Valid point, although backwards compatibility for PHP 7.4 for a little
longer is something I can understand due to the fact that so many
plugins(/themes) haven't been made PHP 8.x compatible yet - unfortunately.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:130>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list