[wp-trac] [WordPress Trac] #50027: Retire Phpass and use PHP native password hashing
WordPress Trac
noreply at wordpress.org
Wed Apr 29 10:46:20 UTC 2020
#50027: Retire Phpass and use PHP native password hashing
-------------------------------------------------+-------------------------
Reporter: ayeshrajans | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion needs-unit-tests needs- | Focuses:
patch |
-------------------------------------------------+-------------------------
Comment (by ayeshrajans):
Related #21022: A ticket opened 8 years ago, and last reply 7 months ago.
The conversation drives to use password_hash() when minimum required PHP
version is upped to 5.6
Related #39499: A suggestion to use Argon2ID (which is quite secure no
doubt), but requires to polyfill it with a quite slow user-land polyfill.
It was not well-received and I don't suggest to use sodium_compat either.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50027#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list