[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Mon Dec 12 13:06:38 UTC 2022
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: Security | Version: 3.4
Severity: major | Resolution:
Keywords: 2nd-opinion has-patch needs-testing | Focuses:
dev-feedback |
-------------------------------------------------+-------------------------
Comment (by ryanhellyer):
Replying to [comment:133 stgoos]:
> **Is a solution in which bcrypt is used, by default, and argon2 -when
detected as available- an idea?**
Is there potentially a library which could be bundled to support argon2
for the (presumably) rare sites which don't have it available?
Supporting two different encryption methods will presumably cause problems
when transitioning between the two. Or is there some method to handle
this, without forcing a password reset?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:135>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list