[wp-trac] [WordPress Trac] #56335: use hash_equals to check password hash
WordPress Trac
noreply at wordpress.org
Thu Aug 4 23:43:09 UTC 2022
#56335: use hash_equals to check password hash
-------------------------+------------------------------
Reporter: hanshenrik | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: trivial | Resolution:
Keywords: has-patch | Focuses:
-------------------------+------------------------------
Comment (by hanshenrik):
turns out PHP<5.6 support has been dropped, that simplifies things, PR
updated :)
Also fwiw PHP's built-in password_equals() also use constnat-time hash
check internally.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56335#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list