[wp-trac] Re: [WordPress Trac] #2394: Passwords are stored in an
insecure un-salted form
WordPress Trac
wp-trac at lists.automattic.com
Thu Jun 28 15:20:23 GMT 2007
#2394: Passwords are stored in an insecure un-salted form
-----------------------+----------------------------------------------------
Reporter: sjmurdoch | Owner: pishmishy
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4 (future)
Component: Security | Version: 2.0
Severity: normal | Resolution:
Keywords: has-patch |
-----------------------+----------------------------------------------------
Comment (by pishmishy):
Replying to [comment:9 Otto42]:
> Minor suggestions:
>
> For PHP versions above 5.1.2, using hash('md5', 'string'); is faster
than md5('string'). Might be worth detecting the PHP version and using
that instead. Every little bit helps.
>
> For PHP 4 versions, this is faster than md5('string') and returns the
same result: bin2hex(md5('string', TRUE));
This issue should have it's own ticket. WordPress doesn't only uses md5()
hashes in password management.
--
Ticket URL: <http://trac.wordpress.org/ticket/2394#comment:10>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list