[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing

Wed Nov 7 19:31:01 UTC 2012

#21022: Allow bcrypt to be enabled via filter for pass hashing
--------------------------+------------------------------
 Reporter:  th23          |       Owner:
     Type:  enhancement   |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  3.4
 Severity:  normal        |  Resolution:
 Keywords:  dev-feedback  |
--------------------------+------------------------------

Comment (by harrym):

 +1 for switching the default. I think someone moving from new PHP to old
 PHP and finding their site is:

 * unlikely
 * easily resolved by resetting your account password

 And the normal upgrade path (where someone has lots of MD5 passwords and
 then starts using bcrypt) is a non-issue as PHPass will detect whatever
 algo was used and react appropriately.

 I've just discovered this ticket having already written a plugin (!) that
 makes this change, if anyone wants to give it a go
 (https://github.com/dxw/wp_bcrypt/archive/master.zip).

 I think this should just be changed in the core though.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software