[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Sun Jun 9 16:23:19 UTC 2019
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Security | Version: 3.4
Severity: major | Resolution:
Keywords: 2nd-opinion has-patch needs-testing dev-feedback | Focuses:
-------------------------------------------------+-------------------------
Comment (by mobby2561):

Replying to [comment:107 bgermann]:
> I did not change the 4096 character limit unit test yet so this one
> fails. Should I just remove the test or introduce an explicit check for 72
> characters in the authentication code and the test?

I'm not a programmer, but Dropbox probably has a nice approach to this
problem - using SHA512 along with bcrypt.
Maybe this information will help someone somehow.

[https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/ Dropbox's related article]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:110>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
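
The 72-character limit raised in the quoted question and the SHA512-then-bcrypt idea from the comment, as an added example that is not part of the original message and is not WordPress core code. The helper names are hypothetical, and base64-encoding the digest before bcrypt is an assumption of this sketch.

```php
<?php
// Added illustration; helper names are hypothetical, not WordPress core APIs.

// Reduce any password to a fixed-length string before bcrypt sees it.
// Raw SHA-512 output can contain NUL bytes, so it is base64-encoded here:
// 88 characters, of which bcrypt reads the first 72 (432 bits of the digest).
function prehash(string $password): string {
    return base64_encode(hash('sha512', $password, true));
}

function hash_prehashed(string $password): string {
    return password_hash(prehash($password), PASSWORD_BCRYPT);
}

function verify_prehashed(string $password, string $stored): bool {
    return password_verify(prehash($password), $stored);
}

// Constructed sample input: two passwords identical in their first 72 bytes.
$a = str_repeat('x', 72) . '-first';
$b = str_repeat('x', 72) . '-second';

// Plain bcrypt only reads the first 72 bytes, so $a and $b hash alike.
$plain = password_hash($a, PASSWORD_BCRYPT);
var_dump(password_verify($b, $plain));

// With the pre-hash, the whole password contributes to the bcrypt input.
$stored = hash_prehashed($a);
var_dump(verify_prehashed($a, $stored));
var_dump(verify_prehashed($b, $stored));
```

Hashes created this way only verify through the same pre-hash step, so existing plain bcrypt hashes would need to be distinguished from pre-hashed ones at login.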