[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Thu Nov 21 14:31:34 UTC 2024
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: johnbillion
Type: enhancement | Status: accepted
Priority: normal | Milestone: 6.8
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-unit-tests | Focuses:
-------------------------------------------------+-------------------------
Comment (by haozi):
Please refer to OWASP's documentation
[https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords-with-bcrypt];
they don't recommend pre-hashing passwords when using bcrypt.
Perhaps we can add input length restrictions to prevent users from using
passwords that are too long?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:153>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
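The length restriction suggested in the comment above, as an added example that is not part of the ticket or of WordPress core: bcrypt uses only the first 72 bytes of its input, so the check has to count bytes rather than characters. The helper name `check_password_length` and all sample passwords are constructed for illustration.

```php
<?php
// Added example; not WordPress core code. check_password_length() is a
// hypothetical helper and all sample passwords below are constructed.

const BCRYPT_MAX_BYTES = 72; // bcrypt uses only the first 72 bytes of its input

/**
 * Returns null when the password fits within bcrypt's input limit,
 * otherwise a message suitable for showing to the user.
 */
function check_password_length(string $password): ?string
{
    // strlen() counts bytes, not characters, and the bcrypt limit is in bytes.
    $bytes = strlen($password);
    if ($bytes > BCRYPT_MAX_BYTES) {
        return sprintf(
            'Password is %d bytes long; the maximum is %d bytes.',
            $bytes,
            BCRYPT_MAX_BYTES
        );
    }
    return null;
}

// 1. Why a limit matters: two different passwords that share their first
//    72 bytes are indistinguishable to bcrypt.
$prefix = str_repeat('a', BCRYPT_MAX_BYTES);
$hash   = password_hash($prefix . 'first-suffix', PASSWORD_BCRYPT);
printf(
    "different suffix verifies against the same hash: %s\n",
    var_export(password_verify($prefix . 'other-suffix', $hash), true)
);

// 2. Why the limit must be counted in bytes: 40 two-byte UTF-8 characters
//    look short but occupy 80 bytes.
$samples = [
    'ascii, 72 bytes'        => $prefix,
    'ascii, 73 bytes'        => $prefix . 'b',
    '40 x U+00E9 (80 bytes)' => str_repeat("\u{00E9}", 40),
];
foreach ($samples as $label => $password) {
    printf("%-24s %s\n", $label, check_password_length($password) ?? 'accepted');
}
```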