[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing

[WordPress Trac]

#21022: Allow bcrypt to be enabled via filter for pass hashing
-------------------------+------------------------------
 Reporter:  th23         |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Security     |     Version:  3.4
 Severity:  normal       |  Resolution:
 Keywords:  3.6-early    |
-------------------------+------------------------------

Comment (by ryansatterfield):

 Do you know that a large majority of people who use WordPress barely know
 how to turn their cookies on? I do WordPress tutoring through my company
 and sometimes just to help people out. The "logic" I hear is quite a wake
 up call to how we should program to help them. Unless PHPass can detect
 that It has been moved to a server that supports PHP 5.2 instead of PHP
 5.3 and then automatically changes the password encryption, then it isn't
 logical to have it as a WordPress default.

 I don't work for WordPress, but I know the end-user mind and so does the
 WordPress team. I know what you are saying is easy for us geeks, but it
 isn't for a large portion of WordPress clients. People use WordPress
 because it is the easiest CMS available.

 This will have to wait until at least 2014, although I expect a lot of
 servers to still support PHP 5.2 in 2014.

 Replying to [comment:34 Otto42]:
 > Replying to [comment:32 ryansatterfield]:
 > > While I really care about security, it isn't logical to use PHPass and
 switch the supported version to 5.3.
 >
 > As I stated above, PHPass is *backwards compatible* with 5.2 just fine,
 even in non-portable password mode.
 >

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:35>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software