[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing

[WordPress Trac]

#21022: Allow bcrypt to be enabled via filter for pass hashing
-------------------------+------------------------------
 Reporter:  th23         |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Security     |     Version:  3.4
 Severity:  normal       |  Resolution:
 Keywords:  3.6-early    |
-------------------------+------------------------------

Comment (by ryansatterfield):

 After further research I agree with Otto. PHPass will automatically change
 the hash in non-portable mode and can detect the PHP version on it's own.
 Maybe this could get into 3.5 or 3.5.1? I don't see a PHPass submitted
 patch. I will try to submit a patch soon. I am busy today and part of
 Friday. I have to do Holiday stuff.

 Otto, I am sorry for my initial response. I replied that way since I've
 worked with people who spent a week on their own without my help to learn
 the most simplest thing about WordPress and still couldn't figure it out.
 I was wrong to automatically assume the user would have to tell WordPress
 that they had changed PHP versions. I hope everyone has a good
 Thanksgiving.

 Replying to [comment:34 Otto42]:
 > Replying to [comment:32 ryansatterfield]:
 > > While I really care about security, it isn't logical to use PHPass and
 switch the supported version to 5.3.
 >
 > As I stated above, PHPass is *backwards compatible* with 5.2 just fine,
 even in non-portable password mode.
 >

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:36>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software