[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Wed Mar 13 23:05:35 UTC 2019
#21022: Allow bcrypt to be enabled via filter for pass hashing
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: 2nd-opinion has-patch needs-testing | Focuses:
5.0-early dev-feedback |
-------------------------------------------------+-------------------------
Comment (by deadduck169):
Replying to [comment:104 Otto42]:
> It is worth noting that switching to password_hash would effectively
limit password lengths to 72 bytes (the bcrypt algorithm ignores the rest,
so PHP truncates the password to that length).
If your passwords are 72 bytes long, I can guarantee your security
bottleneck is not in the password length limitation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:105>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list