[wp-trac] [WordPress Trac] #44032: Minor enhancement

WordPress Trac noreply at wordpress.org
Sat May 12 08:29:15 UTC 2018


#44032: Minor enhancement
-------------------------------------+------------------------------
 Reporter:  alicewondermiscreations  |       Owner:  (none)
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Upgrade/Install          |     Version:
 Severity:  trivial                  |  Resolution:
 Keywords:                           |     Focuses:
-------------------------------------+------------------------------

Comment (by alicewondermiscreations):

 Adding a couple notes -

 A) This makes it much easier to see how much entropy is in the generation
 of the salt as you do not need to calculate the size if the dictionary.

 B) This makes it much easier to adjust how much entropy is in the
 generation of the salt if needed to meet some guidelines (e.g. if NIST or
 someone were to publish guidelines saying salts needed 384 bits of entropy
 or something like that to comply with a certain standard)

 There already are strong suggestions that a nonce used as CSRF token have
 128 bits of entropy for example, so it wouldn't surprise me is salts soon
 had similar guidelines too.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44032#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list