[wp-trac] [WordPress Trac] #56335: use hash_equals to check password hash
WordPress Trac
noreply at wordpress.org
Wed Oct 12 18:14:09 UTC 2022
#56335: use hash_equals to check password hash
-----------------------------+------------------------------
Reporter: hanshenrik | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: trivial | Resolution:
Keywords: has-patch close | Focuses:
-----------------------------+------------------------------
Changes (by desrosj):
* keywords: has-patch => has-patch close
* version: trunk =>
Comment:
I'm going to add a `close` suggestion here.
The [https://www.openwall.com/phpass/ PHPass class is an external
library], though WordPress has made some changes to it over time (see the
description of #51549).
I believe that the original intent of PHPass was to properly support
password hashing on PHP < 5.5, which no longer applies to WordPress. But
moving off of PHPass is a much larger discussion currently being had in
#50027 and #21022. I think I prefer that we direct any effort and
attention towards those tickets instead.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56335#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform