[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Thu Nov 22 08:50:25 UTC 2012
#21022: Allow bcrypt to be enabled via filter for pass hashing
-------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: 3.6-early |
-------------------------+------------------------------
Comment (by ryansatterfield):
After further research I agree with Otto. PHPass will automatically change
the hash in non-portable mode and can detect the PHP version on it's own.
Maybe this could get into 3.5 or 3.5.1? I don't see a PHPass submitted
patch. I will try to submit a patch soon. I am busy today and part of
Friday. I have to do Holiday stuff.
Otto, I am sorry for my initial response. I replied that way since I've
worked with people who spent a week on their own without my help to learn
the most simplest thing about WordPress and still couldn't figure it out.
I was wrong to automatically assume the user would have to tell WordPress
that they had changed PHP versions. I hope everyone has a good
Thanksgiving.
Replying to [comment:34 Otto42]:
> Replying to [comment:32 ryansatterfield]:
> > While I really care about security, it isn't logical to use PHPass and
switch the supported version to 5.3.
>
> As I stated above, PHPass is *backwards compatible* with 5.2 just fine,
even in non-portable password mode.
>
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:36>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list