[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Sat Sep 14 21:36:12 UTC 2019
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: Security | Version: 3.4
Severity: major | Resolution:
Keywords: 2nd-opinion has-patch needs-testing | Focuses:
dev-feedback |
-------------------------------------------------+-------------------------
Comment (by my1xt):
@paragoninitiativeenterprises depending on what characters are safe to use
in bcrypt one might even be able to use Base91 instead of base64
http://base91.sourceforge.net/
which basically does the same as base64 but with more characters to choose
from thereby raising the information density and thereby allowing more
stuff into the password before stuff gets truncated.
or obviously IF bcrypt is binary safe one wouldnt need to encode at all
and 64 bytes fits into the 72 limit of bcrypt no problem.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:113>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list