[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Fri Nov 16 08:30:38 UTC 2012
#21022: Allow bcrypt to be enabled via filter for pass hashing
-------------------------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: 2nd-opinion punt dev-feedback |
-------------------------------------------+------------------------------
Comment (by ryansatterfield):
While I really care about security, it isn't logical to use PHPass and
switch the supported version to 5.3. Why? Well, 3,383,560 servers are
currently running 5.2. Only 3,475,453 servers support PHP 5.3. If
WordPress stopped supporting 5.2 there would be an outrage. The problem
stems from PHP not putting in native support for more secure hash types
hash types before 5.3. I agree with Nacin on the fact that we should use
plugins until at least 2014. If you even know about password hashing, then
finding a plugin won't be hard. If you want to double check my findings on
the PHP versions go to shodanhq.com and do some searches.
Replying to [comment:22 nacin]:
> Replying to [comment:20 harrym]:
> > What's involved in increasing the requirement from 5.2 to 5.3? That
feels non-trivial.
>
> Only 31% of WordPress installs run 5.3. I don't see this happening
before 2014.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:32>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list