[wp-trac] [WordPress Trac] #15088: Reduce Remote Dependency of the Network Admin

WordPress Trac wp-trac at lists.automattic.com
Fri Mar 18 17:49:02 UTC 2011


#15088: Reduce Remote Dependency of the Network Admin
--------------------------------------+-----------------------
 Reporter:  hakre                     |       Owner:
     Type:  feature request           |      Status:  reopened
 Priority:  normal                    |   Milestone:
Component:  General                   |     Version:  3.0
 Severity:  normal                    |  Resolution:
 Keywords:  needs-patch dev-feedback  |
--------------------------------------+-----------------------

Comment (by azaozz):

 Replying to [comment:14 hakre]:
 > ...
 > I've been looking into that function and I think we can do better for
 salts if /dev/urandom is available.

 If you want to improve `wp_generate_password()`, by all means, please do
 so in a new ticket. However keep in mind the above comment by @dd32. As
 the API uses functions that are external to PHP and are not available on
 the majority of servers (or are unreliable), it is impossible to implement
 the same code in core.

 > Keep in mind that the generation is only part of the scope of the
 feature request. Furthermnost part is to reduce the dependency from remote
 while keeping up the same level of quality of the salts if possible.

 I don't see a problem in using `wp_generate_password()` when the API is
 not available, even if the randomness of the strings is of a lesser
 quality. It would be better to have secret keys and salts in wp-config in
 any case.

 > If you can however provide more and better code, I would appreceate
 that.

 No, not at this time. May be able to come back to it in a few weeks.

 If you insist to keep this ticket open please change the title/description
 to reflect that it suggests using `wp_generate_password()` to fill the
 secret keys and salts in wp-config during installation. And of course a
 patch would be nice :-)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15088#comment:15>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list