[wp-trac] [WordPress Trac] #50027: Retire Phpass and use PHP native password hashing

WordPress Trac noreply at wordpress.org
Wed Apr 29 10:46:20 UTC 2020


#50027: Retire Phpass and use PHP native password hashing
-------------------------------------------------+-------------------------
 Reporter:  ayeshrajans                          |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
                                                 |  Review
Component:  General                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  2nd-opinion needs-unit-tests needs-  |     Focuses:
  patch                                          |
-------------------------------------------------+-------------------------

Comment (by ayeshrajans):

 Related #21022: A ticket opened 8 years ago, and last reply 7 months ago.
 The conversation drives to use password_hash() when minimum required PHP
 version is upped to 5.6

 Related #39499: A suggestion to use Argon2ID (which is quite secure no
 doubt), but requires to polyfill it with a quite slow user-land polyfill.
 It was not well-received and I don't suggest to use sodium_compat either.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/50027#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list