[wp-trac] [WordPress Trac] #51549: Updat to phpass 0.5

WordPress Trac noreply at wordpress.org
Fri Oct 16 05:54:14 UTC 2020


#51549: Updat to phpass 0.5
--------------------------------+-----------------------------------
 Reporter:  ayeshrajans         |      Owner:  (none)
     Type:  enhancement         |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  External Libraries  |    Version:
 Severity:  normal              |   Keywords:  has-patch 2nd-opinion
  Focuses:                      |
--------------------------------+-----------------------------------
 WordPress currently uses PHPass library version 0.3.

 This is over 10 years old now, and the latest version is 0.5. It doesn't
 dramatically improve the password hashing mechanism as it would have with
 a `password_hash` migration. However, I believe updating 0.5 still brings
 some strict comparison improvements made in the new version.

 https://www.openwall.com/phpass/

 WordPress's copy of phpass [https://github.com/WordPress/wordpress-
 develop/commits/master/src/wp-includes/class-phpass.php was modified over
 time].

  - [https://github.com/WordPress/wordpress-
 develop/commit/4a60647ab7c71844e23ff74c839c6e7e90c73892#diff-
 7e4ad7f3339a9b11e6cccdab902264a1e059a39afb66ed2ece0c6e3995ab78a1 Add a PHP
 4-style constructor compat]
  - [https://github.com/WordPress/wordpress-
 develop/commit/24cc3db43a23eab578d66877287bd84d27611a2c#diff-
 7e4ad7f3339a9b11e6cccdab902264a1e059a39afb66ed2ece0c6e3995ab78a1 Ending
 PHP tag removal]
  - [https://github.com/WordPress/wordpress-
 develop/commit/aec2f2654eb9461ff9b891fb0bfa2038fc4a381b#diff-
 7e4ad7f3339a9b11e6cccdab902264a1e059a39afb66ed2ece0c6e3995ab78a1 Limit
 password length to 4096 bytes]

 All changes need to be rebased to the version 0.5 as well.
 (patch to follow)

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51549>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list