[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Wed Nov 7 23:15:16 UTC 2012
#21022: Allow bcrypt to be enabled via filter for pass hashing
--------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: dev-feedback |
--------------------------+------------------------------
Changes (by harrym):
* keywords: dev-feedback has-patch => dev-feedback
Comment:
Replying to [comment:21 ryanhellyer]:
> I run a few sites with many thousands of logged in users. Forcing them
to all upgrade their passwords at once would be quite problematic.
That seems fair enough.
Replying to [comment:22 nacin]:
> Replying to [comment:20 harrym]:
> > What's involved in increasing the requirement from 5.2 to 5.3? That
feels non-trivial.
>
> Only 31% of WordPress installs run 5.3. I don't see this happening
before 2014.
Wow. I'm surprised it's that low.
So it sounds like switching the default is not likely to happen soon.
Given that:
* It's going to be a while before the default can be changed
* A third of installs could immediately benefit
Can we reconsider making a define to control portability?
Happy to resubmit a patch if it's a goer, including the hash upgrade on
login.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:23>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list