[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Sun Nov 8 22:40:35 UTC 2015
#21022: Allow bcrypt to be enabled via filter for pass hashing
-----------------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: 2nd-opinion has-patch | Focuses:
-----------------------------------+------------------------------
Comment (by deadduck169):
Replying to [comment:52 mark8barnes]:
> That's not the worry. The worry is that if this is enabled for PHP 5.5+,
> then someone downgrades from PHP 5.5 to PHP 5.3, then bcrypt will no
> longer work, and people won't be able to log in without resetting their
> passwords.
Actually, according to [https://github.com/ircmaxell/password_compat
here], it's versions < 5.3.7 and also that haven't had the $2y fix
backported into them that are incompatible. Of the servers using PHP 5.3,
most will likely be using either >= 5.3.7 or a version with $2y backported
into it.
The [https://wordpress.org/about/stats/ stats] show that at the time of
writing only 11.2% of WordPress servers currently use PHP 5.2. The chance
of someone moving from a PHP 5.5 server to a 5.2 server is probably
pretty negligible, especially since 5.2 has been past its
[http://php.net/eol.php end of support] since the beginning of 2011.
I feel that while '''not''' using bcrypt by default we are throwing the
baby out with the bath water. We can easily detect whether the user's PHP
is compatible with $2y (see the
[https://github.com/ircmaxell/password_compat/blob/master/lib/password.php
check function here]), so even if there's a 0.1% chance that someone might
migrate from a compatible version to an incompatible version, all we need
to do is display a message to users after they have attempted to log in,
like this:
1. User enters their login info
2. Server retrieves password hash from the database
3. Server sees that the hash uses $2y and PHP is <= 5.3.7.
4. Server checks for $2y compatibility using the function linked above
5. If incompatible, display the following message to the user:
> Warning: This installation of WordPress was migrated from a new version
> of PHP to an older one. Unfortunately we are unable to verify your
> password, so please [reset it]. This only needs to be done once.
So it's a minor inconvenience for the few odd installs that for some
reason migrate to an old and unsupported PHP version, but increased
security for the ~90% of installs that are currently using PHP >= 5.3.7
(and increasing every day). I think that's a fair trade-off.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:63>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
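The five-step flow described in the comment above (detect a $2y$ hash, probe whether this PHP build understands $2y$, verify or fall back to a reset message), written out as a stand-alone PHP sketch. This is an added example, not WordPress core code and not the patch attached to this ticket; the function names (php_supports_2y, verify_stored_password, login_message_for), the status constants, and the demo password are all assumptions made here. The compatibility probe uses a fixed, well-formed $2y$ salt rather than a stored known-answer vector, so the only thing it relies on is crypt() returning a round-tripping 60-character hash when $2y$ is supported.

```php
<?php
// Added example for ticket #21022; assumed names, not WordPress core.

const VERIFY_OK           = 'ok';           // password matched the stored hash
const VERIFY_FAIL         = 'fail';         // password did not match
const VERIFY_LEGACY       = 'legacy';       // not a bcrypt hash: use the existing phpass path
const VERIFY_INCOMPATIBLE = 'incompatible'; // step 5: bcrypt hash, but this PHP cannot verify it

// Step 4: does this PHP build understand the $2y$ identifier at all?
// Unpatched PHP < 5.3.7 does not, and crypt() returns a short failure
// string instead of a 60-character bcrypt hash.
function php_supports_2y() {
    static $supported = null;
    if ($supported === null) {
        $supported = false;
        if (function_exists('crypt')) {
            // Capability probe only: fixed salt, minimum cost (04). Not a real hash.
            $salt  = '$2y$04$abcdefghijklmnopqrstu.';
            $probe = crypt('probe', $salt);
            $supported = is_string($probe)
                && strlen($probe) === 60
                && strncmp($probe, '$2y$04$', 7) === 0
                && crypt('probe', $probe) === $probe; // must round-trip
        }
    }
    return $supported;
}

// Step 3: recognise a bcrypt ($2y$) hash by its shape: prefix, 2-digit cost,
// 22 salt chars + 31 hash chars from the bcrypt alphabet.
function is_bcrypt_hash($hash) {
    return is_string($hash)
        && (bool) preg_match('/^\$2y\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $hash);
}

// Constant-time comparison; hash_equals() only exists from PHP 5.6.
function timing_safe_equals($a, $b) {
    if (function_exists('hash_equals')) {
        return hash_equals($a, $b);
    }
    if (strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($a); $i < $n; $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

// Steps 2-5 combined: given the submitted password and the hash read from
// the database, decide how to proceed.
function verify_stored_password($password, $stored_hash) {
    if (!is_bcrypt_hash($stored_hash)) {
        return VERIFY_LEGACY;           // phpass hash: let the existing check handle it
    }
    if (!php_supports_2y()) {
        return VERIFY_INCOMPATIBLE;     // migrated to an older PHP: cannot verify
    }
    $computed = crypt($password, $stored_hash);
    return timing_safe_equals($computed, $stored_hash) ? VERIFY_OK : VERIFY_FAIL;
}

// The message proposed in step 5, keyed on the verification status.
function login_message_for($status) {
    if ($status === VERIFY_INCOMPATIBLE) {
        return 'Warning: This installation of WordPress was migrated from a new version '
             . 'of PHP to an older one. Unfortunately we are unable to verify your '
             . 'password, so please reset it. This only needs to be done once.';
    }
    return $status === VERIFY_OK ? 'Login successful.' : 'Invalid username or password.';
}

// Demo (constructed): if this PHP supports $2y$, build a hash for a sample
// password and run the flow for a correct and a wrong password. The salt
// here comes from mt_rand() for brevity; a real implementation should use a
// CSPRNG (random_bytes/openssl_random_pseudo_bytes) for the 22 salt characters.
if (php_supports_2y()) {
    $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $salt = '';
    for ($i = 0; $i < 22; $i++) {
        $salt .= $alphabet[mt_rand(0, 63)];
    }
    $stored = crypt('correct horse battery staple', '$2y$10$' . $salt);
    echo login_message_for(verify_stored_password('correct horse battery staple', $stored)), "\n";
    echo login_message_for(verify_stored_password('wrong password', $stored)), "\n";
} else {
    // This is exactly the situation the comment describes: a $2y$ hash from a
    // newer PHP landing on a build that cannot check it.
    echo login_message_for(VERIFY_INCOMPATIBLE), "\n";
}
```

The probe is cached in a static so the login path pays for one crypt() call per request at most; VERIFY_LEGACY is returned rather than a boolean so the caller can route phpass hashes to the existing wp_check_password() code instead of this function guessing at it.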