[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Wed Nov 7 19:31:01 UTC 2012
#21022: Allow bcrypt to be enabled via filter for pass hashing
--------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: dev-feedback |
--------------------------+------------------------------
Comment (by harrym):
+1 for switching the default. I think someone moving from new PHP to old
PHP and finding their site is:
* unlikely
* easily resolved by resetting your account password
And the normal upgrade path (where someone has lots of MD5 passwords and
then starts using bcrypt) is a non-issue as PHPass will detect whatever
algo was used and react appropriately.
I've just discovered this ticket having already written a plugin (!) that
makes this change, if anyone wants to give it a go
(https://github.com/dxw/wp_bcrypt/archive/master.zip).
I think this should just be changed in the core though.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list