[wp-trac] [WordPress Trac] #31772: Browser unresponsive with long password

WordPress Trac noreply at wordpress.org
Wed May 6 19:28:33 UTC 2015

#31772: Browser unresponsive with long password
 Reporter:  BevanR                   |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Users                    |     Version:  3.7
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-unit-    |     Focuses:  javascript,
  tests                              |  performance

Comment (by BevanR):

 @mattheweppelsheimer; Why and how do you create such long passwords?

 I ask because if there are common and good reasons for such long
 passwords, that might affect the priority of this issue, and also the
 related might-be-bug; that WP fails silently when a new password is
 greater than its threshold of about 1 or 2 thousand characters.  Note
 other systems have lower thresholds; Drupal's is about 500 for example.
 So if your password system or process generates passwords longer than a
 few hundred characters you are likely to encounter such issues.

 FYI, the reason for these thresholds is to prevent DDoS attacks, for which
 limitless password-hashing would offer a prime attack vector.  The limits
 are not the result of any limitation of the database or technology stack.

Ticket URL: <https://core.trac.wordpress.org/ticket/31772#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list