Changeset 59828

Timestamp:

02/17/2025 11:22:33 AM (2 months ago)

Author:

johnbillion

Message:

Security: Switch to using bcrypt for hashing user passwords and BLAKE2b for hashing application passwords and security keys.

Passwords and security keys that were saved in prior versions of WordPress will continue to work. Each user's password will be opportunistically rehashed and resaved when they next subsequently log in using a valid password.

The following new functions have been introduced:

• wp_password_needs_rehash()
• wp_fast_hash()
• wp_verify_fast_hash()

The following new filters have been introduced:

• password_needs_rehash
• wp_hash_password_algorithm
• wp_hash_password_options

Props ayeshrajans, bgermann, dd32, deadduck169, desrosj, haozi, harrym, iandunn, jammycakes, joehoyle, johnbillion, mbijon, mojorob, mslavco, my1xt, nacin, otto42, paragoninitiativeenterprises, paulkevan, rmccue, ryanhellyer, scribu, swalkinshaw, synchro, th23, timothyblynjacobs, tomdxw, westi, xknown.

Additional thanks go to the Roots team, Soatok, Calvin Alkan, and Raphael Ahrens.

Fixes #21022, #44628

Location:

trunk

Files:

• src/wp-admin/includes/upgrade.php (modified) (2 diffs)
• src/wp-includes/class-wp-application-passwords.php (modified) (6 diffs)
• src/wp-includes/class-wp-recovery-mode-key-service.php (modified) (6 diffs)
• src/wp-includes/class-wp-user-request.php (modified) (1 diff)
• src/wp-includes/class-wp-user.php (modified) (1 diff)
• src/wp-includes/functions.php (modified) (1 diff)
• src/wp-includes/pluggable.php (modified) (9 diffs)
• src/wp-includes/user.php (modified) (19 diffs)
• tests/phpunit/includes/bootstrap.php (modified) (1 diff)
• tests/phpunit/includes/class-wp-fake-hasher.php (added)
• tests/phpunit/tests/auth.php (modified) (18 diffs)
• tests/phpunit/tests/pluggable/signatures.php (modified) (1 diff)
• tests/phpunit/tests/user/passwordHash.php (modified) (1 diff)

trunk/src/wp-admin/includes/upgrade.php

@@ -981 +981 @@
  * @ignore
  * @since 1.2.0
+ * @since 6.8.0 User passwords are no longer hashed with md5.
  *
  * @global wpdb $wpdb WordPress database abstraction object.
@@ -993 +994 @@
             $newname = sanitize_title( $user->user_nickname );
             $wpdb->update( $wpdb->users, array( 'user_nicename' => $newname ), array( 'ID' => $user->ID ) );
-        }
-    }
-
-    $users = $wpdb->get_results( "SELECT ID, user_pass from $wpdb->users" );
-    foreach ( $users as $row ) {
-        if ( ! preg_match( '/^[A-Fa-f0-9]{32}$/', $row->user_pass ) ) {
-            $wpdb->update( $wpdb->users, array( 'user_pass' => md5( $row->user_pass ) ), array( 'ID' => $row->ID ) );
         }
     }

trunk/src/wp-includes/class-wp-application-passwords.php

@@ -61 +61 @@
      * @since 5.6.0
      * @since 5.7.0 Returns WP_Error if application name already exists.
+     * @since 6.8.0 The hashed password value now uses wp_fast_hash() instead of phpass.
      *
      * @param int   $user_id  User ID.
@@ -96 +97 @@
 
         $new_password    = wp_generate_password( static::PW_LENGTH, false );
-        $hashed_password = wp_hash_password( $new_password );
+        $hashed_password = self::hash_password( $new_password );
 
         $new_item = array(
@@ -125 +126 @@
          *
          * @since 5.6.0
+         * @since 6.8.0 The hashed password value now uses wp_fast_hash() instead of phpass.
          *
          * @param int    $user_id      The user ID.
@@ -250 +252 @@
      *
      * @since 5.6.0
+     * @since 6.8.0 The actual password should now be hashed using wp_fast_hash().
      *
      * @param int    $user_id User ID.
@@ -297 +300 @@
              *
              * @since 5.6.0
+             * @since 6.8.0 The password is now hashed using wp_fast_hash() instead of phpass.
+             *              Existing passwords may still be hashed using phpass.
              *
              * @param int   $user_id The user ID.
@@ -468 +473 @@
         return trim( chunk_split( $raw_password, 4, ' ' ) );
     }
+
+    /**
+     * Hashes a plaintext application password.
+     *
+     * @since 6.8.0
+     *
+     * @param string $password Plaintext password.
+     * @return string Hashed password.
+     */
+    public static function hash_password(
+        #[\SensitiveParameter]
+        string $password
+    ): string {
+        return wp_fast_hash( $password );
+    }
+
+    /**
+     * Checks a plaintext application password against a hashed password.
+     *
+     * @since 6.8.0
+     *
+     * @param string $password Plaintext password.
+     * @param string $hash     Hash of the password to check against.
+     * @return bool Whether the password matches the hashed password.
+     */
+    public static function check_password(
+        #[\SensitiveParameter]
+        string $password,
+        string $hash
+    ): bool {
+        return wp_verify_fast_hash( $password, $hash );
+    }
 }

trunk/src/wp-includes/class-wp-recovery-mode-key-service.php

@@ -38 +38 @@
      *
      * @since 5.2.0
-     *
-     * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
+     * @since 6.8.0 The stored key is now hashed using wp_fast_hash() instead of phpass.
      *
      * @param string $token A token generated by {@see generate_recovery_mode_token()}.
@@ -45 +44 @@
      */
     public function generate_and_store_recovery_mode_key( $token ) {
-
-        global $wp_hasher;
-
         $key = wp_generate_password( 22, false );
-
-        if ( empty( $wp_hasher ) ) {
-            require_once ABSPATH . WPINC . '/class-phpass.php';
-            $wp_hasher = new PasswordHash( 8, true );
-        }
-
-        $hashed = $wp_hasher->HashPassword( $key );
 
         $records = $this->get_keys();
 
         $records[ $token ] = array(
-            'hashed_key' => $hashed,
+            'hashed_key' => wp_fast_hash( $key ),
             'created_at' => time(),
         );
@@ -86 +75 @@
      * @since 5.2.0
      *
-     * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
-     *
      * @param string $token The token used when generating the given key.
-     * @param string $key   The unhashed key.
+     * @param string $key   The plain text key.
      * @param int    $ttl   Time in seconds for the key to be valid for.
      * @return true|WP_Error True on success, error object on failure.
      */
     public function validate_recovery_mode_key( $token, $key, $ttl ) {
-        global $wp_hasher;
-
         $records = $this->get_keys();
 
@@ -110 +95 @@
         }
 
-        if ( empty( $wp_hasher ) ) {
-            require_once ABSPATH . WPINC . '/class-phpass.php';
-            $wp_hasher = new PasswordHash( 8, true );
-        }
-
-        if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {
+        if ( ! wp_verify_fast_hash( $key, $record['hashed_key'] ) ) {
             return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
         }
@@ -170 +150 @@
      *
      * @since 5.2.0
+     * @since 6.8.0 Each key is now hashed using wp_fast_hash() instead of phpass.
+     *              Existing keys may still be hashed using phpass.
      *
-     * @return array Associative array of $token => $data pairs, where $data has keys 'hashed_key'
-     *               and 'created_at'.
+     * @return array {
+     *     Associative array of token => data pairs, where the data is an associative
+     *     array of information about the key.
+     *
+     *     @type array ...$0 {
+     *         Information about the key.
+     *
+     *         @type string $hashed_key The hashed value of the key.
+     *         @type int    $created_at The timestamp when the key was created.
+     *     }
+     * }
      */
     private function get_keys() {
@@ -182 +173 @@
      *
      * @since 5.2.0
+     * @since 6.8.0 Each key should now be hashed using wp_fast_hash() instead of phpass.
      *
-     * @param array $keys Associative array of $token => $data pairs, where $data has keys 'hashed_key'
-     *                    and 'created_at'.
+     * @param array $keys {
+     *     Associative array of token => data pairs, where the data is an associative
+     *     array of information about the key.
+     *
+     *     @type array ...$0 {
+     *         Information about the key.
+     *
+     *         @type string $hashed_key The hashed value of the key.
+     *         @type int    $created_at The timestamp when the key was created.
+     *     }
+     * }
      * @return bool True on success, false on failure.
      */

trunk/src/wp-includes/class-wp-user-request.php

@@ -93 +93 @@
      *
      * @since 4.9.6
+     * @since 6.8.0 The key is now hashed using wp_fast_hash() instead of phpass.
+     *
      * @var string
      */

trunk/src/wp-includes/class-wp-user.php

@@ -12 +12 @@
  *
  * @since 2.0.0
+ * @since 6.8.0 The `user_pass` property is now hashed using bcrypt instead of phpass.
  *
  * @property string $nickname

trunk/src/wp-includes/functions.php

@@ -9115 +9115 @@
     return in_array( $mime_type, $heic_mime_types, true );
 }
+
+/**
+ * Returns a cryptographically secure hash of a message using a fast generic hash function.
+ *
+ * Use the wp_verify_fast_hash() function to verify the hash.
+ *
+ * This function does not salt the value prior to being hashed, therefore input to this function must originate from
+ * a random generator with sufficiently high entropy, preferably greater than 128 bits. This function is used internally
+ * in WordPress to hash security keys and application passwords which are generated with high entropy.
+ *
+ * Important:
+ *
+ *  - This function must not be used for hashing user-generated passwords. Use wp_hash_password() for that.
+ *  - This function must not be used for hashing other low-entropy input. Use wp_hash() for that.
+ *
+ * The BLAKE2b algorithm is used by Sodium to hash the message.
+ *
+ * @since 6.8.0
+ *
+ * @throws TypeError Thrown by Sodium if the message is not a string.
+ *
+ * @param string $message The message to hash.
+ * @return string The hash of the message.
+ */
+function wp_fast_hash(
+    #[\SensitiveParameter]
+    string $message
+): string {
+    return '$generic$' . sodium_bin2hex( sodium_crypto_generichash( $message ) );
+}
+
+/**
+ * Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash().
+ *
+ * The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash,
+ * the hash is treated as a phpass portable hash in order to provide backward compatibility for application passwords
+ * which were hashed using phpass prior to WordPress 6.8.0.
+ *
+ * @since 6.8.0
+ *
+ * @throws TypeError Thrown by Sodium if the message is not a string.
+ *
+ * @param string $message The plaintext message.
+ * @param string $hash    Hash of the message to check against.
+ * @return bool Whether the message matches the hashed message.
+ */
+function wp_verify_fast_hash(
+    #[\SensitiveParameter]
+    string $message,
+    string $hash
+): bool {
+    if ( ! str_starts_with( $hash, '$generic$' ) ) {
+        // Back-compat for old phpass hashes.
+        require_once ABSPATH . WPINC . '/class-phpass.php';
+        return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
+    }
+
+    return hash_equals( $hash, wp_fast_hash( $message ) );
+}

trunk/src/wp-includes/pluggable.php

@@ -694 +694 @@
      * @param string $cookie Optional. If used, will validate contents instead of cookie's.
      * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
+     *                       Note: This does *not* default to 'auth' like other cookie functions.
      * @return int|false User ID if valid cookie, false if invalid.
      */
@@ -769 +770 @@
         }
 
-        $pass_frag = substr( $user->user_pass, 8, 4 );
+        if ( str_starts_with( $user->user_pass, '$P$' ) || str_starts_with( $user->user_pass, '$2y$' ) ) {
+            // Retain previous behaviour of phpass or vanilla bcrypt hashed passwords.
+            $pass_frag = substr( $user->user_pass, 8, 4 );
+        } else {
+            // Otherwise, use a substring from the end of the hash to avoid dealing with potentially long hash prefixes.
+            $pass_frag = substr( $user->user_pass, -4 );
+        }
 
         $key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
@@ -870 +877 @@
         }
 
-        $pass_frag = substr( $user->user_pass, 8, 4 );
+        if ( str_starts_with( $user->user_pass, '$P$' ) || str_starts_with( $user->user_pass, '$2y$' ) ) {
+            // Retain previous behaviour of phpass or vanilla bcrypt hashed passwords.
+            $pass_frag = substr( $user->user_pass, 8, 4 );
+        } else {
+            // Otherwise, use a substring from the end of the hash to avoid dealing with potentially long hash prefixes.
+            $pass_frag = substr( $user->user_pass, -4 );
+        }
 
         $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
@@ -2626 +2639 @@
      *
      * @since 2.5.0
-     *
-     * @global PasswordHash $wp_hasher PHPass object.
+     * @since 6.8.0 The password is now hashed using bcrypt by default instead of phpass.
+     *
+     * @global PasswordHash $wp_hasher phpass object.
      *
      * @param string $password Plain text user password to hash.
@@ -2638 +2652 @@
         global $wp_hasher;
 
-        if ( empty( $wp_hasher ) ) {
-            require_once ABSPATH . WPINC . '/class-phpass.php';
-            // By default, use the portable hash from phpass.
-            $wp_hasher = new PasswordHash( 8, true );
-        }
-
-        return $wp_hasher->HashPassword( trim( $password ) );
+        if ( ! empty( $wp_hasher ) ) {
+            return $wp_hasher->HashPassword( trim( $password ) );
+        }
+
+        if ( strlen( $password ) > 4096 ) {
+            return '*';
+        }
+
+        /**
+         * Filters the hashing algorithm to use in the password_hash() and password_needs_rehash() functions.
+         *
+         * The default is the value of the `PASSWORD_BCRYPT` constant which means bcrypt is used.
+         *
+         * **Important:** The only password hashing algorithm that is guaranteed to be available across PHP
+         * installations is bcrypt. If you use any other algorithm you must make sure that it is available on
+         * the server. The `password_algos()` function can be used to check which hashing algorithms are available.
+         *
+         * The hashing options can be controlled via the {@see 'wp_hash_password_options'} filter.
+         *
+         * Other available constants include:
+         *
+         * - `PASSWORD_ARGON2I`
+         * - `PASSWORD_ARGON2ID`
+         * - `PASSWORD_DEFAULT`
+         *
+         * @since 6.8.0
+         *
+         * @param string $algorithm The hashing algorithm. Default is the value of the `PASSWORD_BCRYPT` constant.
+         */
+        $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );
+
+        /**
+         * Filters the options passed to the password_hash() and password_needs_rehash() functions.
+         *
+         * The default hashing algorithm is bcrypt, but this can be changed via the {@see 'wp_hash_password_algorithm'}
+         * filter. You must ensure that the options are appropriate for the algorithm in use.
+         *
+         * @since 6.8.0
+         *
+         * @param array $options    Array of options to pass to the password hashing functions.
+         *                          By default this is an empty array which means the default
+         *                          options will be used.
+         * @param string $algorithm The hashing algorithm in use.
+         */
+        $options = apply_filters( 'wp_hash_password_options', array(), $algorithm );
+
+        // Algorithms other than bcrypt don't need to use pre-hashing.
+        if ( PASSWORD_BCRYPT !== $algorithm ) {
+            return password_hash( $password, $algorithm, $options );
+        }
+
+        // Use SHA-384 to retain entropy from a password that's longer than 72 bytes, and a `wp-sha384` key for domain separation.
+        $password_to_hash = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) );
+
+        // Add a prefix to facilitate distinguishing vanilla bcrypt hashes.
+        return '$wp' . password_hash( $password_to_hash, $algorithm, $options );
     }
 endif;
@@ -2652 +2715 @@
      * Checks a plaintext password against a hashed password.
      *
-     * Maintains compatibility between old version and the new cookie authentication
-     * protocol using PHPass library. The $hash parameter is the encrypted password
-     * and the function compares the plain text password when encrypted similarly
-     * against the already encrypted password to see if they match.
+     * Note that this function may be used to check a value that is not a user password.
+     * A plugin may use this function to check a password of a different type, and there
+     * may not always be a user ID associated with the password.
      *
      * For integration with other applications, this function can be overwritten to
@@ -2661 +2723 @@
      *
      * @since 2.5.0
-     *
-     * @global PasswordHash $wp_hasher PHPass object used for checking the password
-     *                                 against the $hash + $password.
-     * @uses PasswordHash::CheckPassword
-     *
-     * @param string     $password Plaintext user's password.
-     * @param string     $hash     Hash of the user's password to check against.
-     * @param string|int $user_id  Optional. User ID.
+     * @since 6.8.0 Passwords in WordPress are now hashed with bcrypt by default. A
+     *              password that wasn't hashed with bcrypt will be checked with phpass.
+     *              Passwords hashed with md5 are no longer supported.
+     *
+     * @global PasswordHash $wp_hasher phpass object. Used as a fallback for verifying
+     *                                 passwords that were hashed with phpass.
+     *
+     * @param string     $password Plaintext password.
+     * @param string     $hash     Hash of the password to check against.
+     * @param string|int $user_id  Optional. ID of a user associated with the password.
      * @return bool False, if the $password does not match the hashed password.
      */
@@ -2679 +2743 @@
         global $wp_hasher;
 
-        // If the hash is still md5...
+        $check = false;
+
+        // If the hash is still md5 or otherwise truncated then invalidate it.
         if ( strlen( $hash ) <= 32 ) {
-            $check = hash_equals( $hash, md5( $password ) );
-            if ( $check && $user_id ) {
-                // Rehash using new hash.
-                wp_set_password( $password, $user_id );
-                $hash = wp_hash_password( $password );
-            }
-
             /**
-             * Filters whether the plaintext password matches the encrypted password.
+             * Filters whether the plaintext password matches the hashed password.
              *
              * @since 2.5.0
+             * @since 6.8.0 Passwords are now hashed with bcrypt by default.
+             *              Old passwords may still be hashed with phpass.
              *
              * @param bool       $check    Whether the passwords match.
              * @param string     $password The plaintext password.
              * @param string     $hash     The hashed password.
-             * @param string|int $user_id  User ID. Can be empty.
+             * @param string|int $user_id  Optional ID of a user associated with the password.
+             *                             Can be empty.
              */
             return apply_filters( 'check_password', $check, $password, $hash, $user_id );
         }
 
-        /*
-         * If the stored hash is longer than an MD5,
-         * presume the new style phpass portable hash.
-         */
-        if ( empty( $wp_hasher ) ) {
+        if ( ! empty( $wp_hasher ) ) {
+            // Check the password using the overridden hasher.
+            $check = $wp_hasher->CheckPassword( $password, $hash );
+        } elseif ( strlen( $password ) > 4096 ) {
+            $check = false;
+        } elseif ( str_starts_with( $hash, '$wp' ) ) {
+            // Check the password using the current prefixed hash.
+            $password_to_verify = base64_encode( hash_hmac( 'sha384', $password, 'wp-sha384', true ) );
+            $check              = password_verify( $password_to_verify, substr( $hash, 3 ) );
+        } elseif ( str_starts_with( $hash, '$P$' ) ) {
+            // Check the password using phpass.
             require_once ABSPATH . WPINC . '/class-phpass.php';
-            // By default, use the portable hash from phpass.
-            $wp_hasher = new PasswordHash( 8, true );
-        }
-
-        $check = $wp_hasher->CheckPassword( $password, $hash );
+            $check = ( new PasswordHash( 8, true ) )->CheckPassword( $password, $hash );
+        } else {
+            // Check the password using compat support for any non-prefixed hash.
+            $check = password_verify( $password, $hash );
+        }
 
         /** This filter is documented in wp-includes/pluggable.php */
         return apply_filters( 'check_password', $check, $password, $hash, $user_id );
+    }
+endif;
+
+if ( ! function_exists( 'wp_password_needs_rehash' ) ) :
+    /**
+     * Checks whether a password hash needs to be rehashed.
+     *
+     * Passwords are hashed with bcrypt using the default cost. A password hashed in a prior version
+     * of WordPress may still be hashed with phpass and will need to be rehashed. If the default cost
+     * or algorithm is changed in PHP or WordPress then a password hashed in a previous version will
+     * need to be rehashed.
+     *
+     * Note that, just like wp_check_password(), this function may be used to check a value that is
+     * not a user password. A plugin may use this function to check a password of a different type,
+     * and there may not always be a user ID associated with the password.
+     *
+     * @since 6.8.0
+     *
+     * @global PasswordHash $wp_hasher phpass object.
+     *
+     * @param string     $hash    Hash of a password to check.
+     * @param string|int $user_id Optional. ID of a user associated with the password.
+     * @return bool Whether the hash needs to be rehashed.
+     */
+    function wp_password_needs_rehash( $hash, $user_id = '' ) {
+        global $wp_hasher;
+
+        if ( ! empty( $wp_hasher ) ) {
+            return false;
+        }
+
+        /** This filter is documented in wp-includes/pluggable.php */
+        $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );
+
+        /** This filter is documented in wp-includes/pluggable.php */
+        $options = apply_filters( 'wp_hash_password_options', array(), $algorithm );
+
+        $prefixed = str_starts_with( $hash, '$wp' );
+
+        if ( ( PASSWORD_BCRYPT === $algorithm ) && ! $prefixed ) {
+            // If bcrypt is in use and the hash is not prefixed then it needs to be rehashed.
+            $needs_rehash = true;
+        } else {
+            // Otherwise check the hash minus its prefix if necessary.
+            $hash_to_check = $prefixed ? substr( $hash, 3 ) : $hash;
+            $needs_rehash  = password_needs_rehash( $hash_to_check, $algorithm, $options );
+        }
+
+        /**
+         * Filters whether the password hash needs to be rehashed.
+         *
+         * @since 6.8.0
+         *
+         * @param bool       $needs_rehash Whether the password hash needs to be rehashed.
+         * @param string     $hash         The password hash.
+         * @param string|int $user_id      Optional. ID of a user associated with the password.
+         */
+        return apply_filters( 'password_needs_rehash', $needs_rehash, $hash, $user_id );
     }
 endif;
@@ -2866 +2992 @@
      *
      * @since 2.5.0
+     * @since 6.8.0 The password is now hashed using bcrypt by default instead of phpass.
      *
      * @global wpdb $wpdb WordPress database abstraction object.

trunk/src/wp-includes/user.php

@@ -206 +206 @@
     }
 
-    if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
+    $valid = wp_check_password( $password, $user->user_pass, $user->ID );
+
+    if ( ! $valid ) {
         return new WP_Error(
             'incorrect_password',
@@ -220 +222 @@
     }
 
+    if ( wp_password_needs_rehash( $user->user_pass, $user->ID ) ) {
+        wp_set_password( $password, $user->ID );
+    }
+
     return $user;
 }
@@ -283 +289 @@
     }
 
-    if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
+    $valid = wp_check_password( $password, $user->user_pass, $user->ID );
+
+    if ( ! $valid ) {
         return new WP_Error(
             'incorrect_password',
@@ -295 +303 @@
             '</a>'
         );
+    }
+
+    if ( wp_password_needs_rehash( $user->user_pass, $user->ID ) ) {
+        wp_set_password( $password, $user->ID );
     }
 
@@ -446 +458 @@
 
     foreach ( $hashed_passwords as $key => $item ) {
-        if ( ! wp_check_password( $password, $item['password'], $user->ID ) ) {
+        if ( ! WP_Application_Passwords::check_password( $password, $item['password'] ) ) {
             continue;
         }
@@ -2432 +2444 @@
      * @since 4.9.0
      * @since 5.8.0 The `$userdata` parameter was added.
+     * @since 6.8.0 The user's password is now hashed using bcrypt instead of phpass.
      *
      * @param array    $data {
@@ -2979 +2992 @@
  * @since 4.4.0
  *
- * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
- *
  * @param WP_User $user User to retrieve password reset key for.
  * @return string|WP_Error Password reset key on success. WP_Error on error.
  */
 function get_password_reset_key( $user ) {
-    global $wp_hasher;
-
     if ( ! ( $user instanceof WP_User ) ) {
         return new WP_Error( 'invalidcombo', __( '<strong>Error:</strong> There is no account with that username or email address.' ) );
@@ -3032 +3041 @@
     do_action( 'retrieve_password_key', $user->user_login, $key );
 
-    // Now insert the key, hashed, into the DB.
-    if ( empty( $wp_hasher ) ) {
-        require_once ABSPATH . WPINC . '/class-phpass.php';
-        $wp_hasher = new PasswordHash( 8, true );
-    }
-
-    $hashed = time() . ':' . $wp_hasher->HashPassword( $key );
+    $hashed = time() . ':' . wp_fast_hash( $key );
 
     $key_saved = wp_update_user(
@@ -3064 +3067 @@
  * @since 3.1.0
  *
- * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
- *
- * @param string $key       Hash to validate sending user's password.
+ * @param string $key       The password reset key.
  * @param string $login     The user login.
  * @return WP_User|WP_Error WP_User object on success, WP_Error object for invalid or expired keys.
@@ -3075 +3076 @@
     $login
 ) {
-    global $wp_hasher;
-
     $key = preg_replace( '/[^a-z0-9]/i', '', $key );
 
@@ -3091 +3090 @@
     if ( ! $user ) {
         return new WP_Error( 'invalid_key', __( 'Invalid key.' ) );
-    }
-
-    if ( empty( $wp_hasher ) ) {
-        require_once ABSPATH . WPINC . '/class-phpass.php';
-        $wp_hasher = new PasswordHash( 8, true );
     }
 
@@ -3119 +3113 @@
     }
 
-    $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );
+    $hash_is_correct = wp_verify_fast_hash( $key, $pass_key );
 
     if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
@@ -3134 +3128 @@
         /**
          * Filters the return value of check_password_reset_key() when an
-         * old-style key is used.
+         * old-style key or an expired key is used.
          *
          * @since 3.7.0 Previously plain-text keys were stored in the database.
@@ -3155 +3149 @@
  * @since 5.7.0 Added `$user_login` parameter.
  *
- * @global wpdb         $wpdb      WordPress database abstraction object.
- * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
+ * @global wpdb $wpdb WordPress database abstraction object.
  *
  * @param string $user_login Optional. Username to send a password retrieval email for.
@@ -4937 +4930 @@
  * @since 4.9.6
  *
- * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
- *
  * @param int $request_id Request ID.
  * @return string Confirmation key.
  */
 function wp_generate_user_request_key( $request_id ) {
-    global $wp_hasher;
-
     // Generate something random for a confirmation key.
     $key = wp_generate_password( 20, false );
 
-    // Return the key, hashed.
-    if ( empty( $wp_hasher ) ) {
-        require_once ABSPATH . WPINC . '/class-phpass.php';
-        $wp_hasher = new PasswordHash( 8, true );
-    }
-
+    // Save the key, hashed.
     wp_update_post(
         array(
             'ID'            => $request_id,
             'post_status'   => 'request-pending',
-            'post_password' => $wp_hasher->HashPassword( $key ),
+            'post_password' => wp_fast_hash( $key ),
         )
     );
@@ -4969 +4953 @@
  *
  * @since 4.9.6
- *
- * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
  *
  * @param string $request_id ID of the request being confirmed.
@@ -4981 +4963 @@
     $key
 ) {
-    global $wp_hasher;
-
     $request_id       = absint( $request_id );
     $request          = wp_get_user_request( $request_id );
@@ -5000 +4980 @@
     }
 
-    if ( empty( $wp_hasher ) ) {
-        require_once ABSPATH . WPINC . '/class-phpass.php';
-        $wp_hasher = new PasswordHash( 8, true );
-    }
-
     /**
      * Filters the expiration time of confirm keys.
@@ -5015 +4990 @@
     $expiration_time     = $key_request_time + $expiration_duration;
 
-    if ( ! $wp_hasher->CheckPassword( $key, $saved_key ) ) {
+    if ( ! wp_verify_fast_hash( $key, $saved_key ) ) {
         return new WP_Error( 'invalid_key', __( 'The confirmation key is invalid for this personal data request.' ) );
     }

trunk/tests/phpunit/includes/bootstrap.php

@@ -330 +330 @@
 require __DIR__ . '/class-wp-rest-test-configurable-controller.php';
 require __DIR__ . '/class-wp-fake-block-type.php';
+require __DIR__ . '/class-wp-fake-hasher.php';
 require __DIR__ . '/class-wp-sitemaps-test-provider.php';
 require __DIR__ . '/class-wp-sitemaps-empty-test-provider.php';

trunk/tests/phpunit/tests/auth.php

@@ -11 +11 @@
     const USER_PASS  = 'password';
 
+    /**
+     * @var WP_User
+     */
     protected $user;
 
@@ -17 +20 @@
      */
     protected static $_user;
+
+    /**
+     * @var int
+     */
     protected static $user_id;
+
+    /**
+     * @var PasswordHash
+     */
     protected static $wp_hasher;
+
+    protected static $bcrypt_length_limit = 72;
+
+    protected static $phpass_length_limit = 4096;
+
+    protected static $password_length_limit = 4096;
 
     /**
@@ -90 +107 @@
         $cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'foo' );
         $this->assertFalse( wp_validate_auth_cookie( $cookie, 'bar' ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_auth_cookie_generated_with_phpass_hash_remains_valid() {
+        self::set_user_password_with_phpass( 'password', self::$user_id );
+
+        $auth_cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'auth' );
+
+        $this->assertSame( self::$user_id, wp_validate_auth_cookie( $auth_cookie, 'auth' ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_auth_cookie_generated_with_plain_bcrypt_hash_remains_valid() {
+        self::set_user_password_with_plain_bcrypt( 'password', self::$user_id );
+
+        $auth_cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'auth' );
+
+        $this->assertSame( self::$user_id, wp_validate_auth_cookie( $auth_cookie, 'auth' ) );
     }
 
@@ -107 +146 @@
             $authed_user = wp_authenticate( $this->user->user_login, $password_to_test );
 
+            $this->assertNotWPError( $authed_user );
             $this->assertInstanceOf( 'WP_User', $authed_user );
             $this->assertSame( $this->user->ID, $authed_user->ID );
@@ -158 +198 @@
         $password = "pass with vertical tab o_O\x0B";
         $this->assertTrue( wp_check_password( 'pass with vertical tab o_O', wp_hash_password( $password ) ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_wp_check_password_supports_phpass_hash() {
+        $password = 'password';
+        $hash     = self::$wp_hasher->HashPassword( $password );
+        $this->assertTrue( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+    }
+
+    /**
+     * Ensure wp_check_password() remains compatible with an increase to the default bcrypt cost.
+     *
+     * The test verifies this by reducing the cost used to generate the hash, therefore mimicing a hash
+     * which was generated prior to the default cost being increased.
+     *
+     * Notably the bcrypt cost was increased in PHP 8.4: https://wiki.php.net/rfc/bcrypt_cost_2023 .
+     *
+     * @ticket 21022
+     */
+    public function test_wp_check_password_supports_hash_with_increased_bcrypt_cost() {
+        $password = 'password';
+
+        // Reducing the cost mimics an increase to the default cost.
+        add_filter( 'wp_hash_password_options', array( $this, 'reduce_hash_cost' ) );
+        $hash = wp_hash_password( $password, PASSWORD_BCRYPT );
+        remove_filter( 'wp_hash_password_options', array( $this, 'reduce_hash_cost' ) );
+
+        $this->assertTrue( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+        $this->assertTrue( wp_password_needs_rehash( $hash ) );
+    }
+
+    /**
+     * Ensure wp_check_password() remains compatible with a reduction of the default bcrypt cost.
+     *
+     * The test verifies this by increasing the cost used to generate the hash, therefore mimicing a hash
+     * which was generated prior to the default cost being reduced.
+     *
+     * A reduction of the cost is unlikely to occur but is fully supported.
+     *
+     * @ticket 21022
+     */
+    public function test_wp_check_password_supports_hash_with_reduced_bcrypt_cost() {
+        $password = 'password';
+
+        // Increasing the cost mimics a reduction of the default cost.
+        add_filter( 'wp_hash_password_options', array( $this, 'increase_hash_cost' ) );
+        $hash = wp_hash_password( $password, PASSWORD_BCRYPT );
+        remove_filter( 'wp_hash_password_options', array( $this, 'increase_hash_cost' ) );
+
+        $this->assertTrue( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+        $this->assertTrue( wp_password_needs_rehash( $hash ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_wp_check_password_supports_wp_hash_with_default_bcrypt_cost() {
+        $password = 'password';
+
+        $hash = wp_hash_password( $password, PASSWORD_BCRYPT );
+
+        $this->assertTrue( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+        $this->assertFalse( wp_password_needs_rehash( $hash ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_wp_check_password_supports_plain_bcrypt_hash_with_default_bcrypt_cost() {
+        $password = 'password';
+
+        $hash = password_hash( $password, PASSWORD_BCRYPT );
+
+        $this->assertTrue( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+        $this->assertTrue( wp_password_needs_rehash( $hash ) );
+    }
+
+    /**
+     * Ensure wp_check_password() is compatible with Argon2i hashes.
+     *
+     * @ticket 21022
+     */
+    public function test_wp_check_password_supports_argon2i_hash() {
+        if ( ! defined( 'PASSWORD_ARGON2I' ) ) {
+            $this->fail( 'Argon2i is not supported.' );
+        }
+
+        $password = 'password';
+        $hash     = password_hash( trim( $password ), PASSWORD_ARGON2I );
+        $this->assertTrue( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+    }
+
+    /**
+     * Ensure wp_check_password() is compatible with Argon2id hashes.
+     *
+     * @requires PHP >= 7.3
+     *
+     * @ticket 21022
+     */
+    public function test_wp_check_password_supports_argon2id_hash() {
+        if ( ! defined( 'PASSWORD_ARGON2ID' ) ) {
+            $this->fail( 'Argon2id is not supported.' );
+        }
+
+        $password = 'password';
+        $hash     = password_hash( trim( $password ), PASSWORD_ARGON2ID );
+        $this->assertTrue( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_wp_check_password_does_not_support_md5_hashes() {
+        $password = 'password';
+        $hash     = md5( $password );
+        $this->assertFalse( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_wp_check_password_does_not_support_plain_text() {
+        $password = 'password';
+        $hash     = $password;
+        $this->assertFalse( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+    }
+
+    /**
+     * @ticket 21022
+     *
+     * @dataProvider data_empty_values
+     * @param mixed $value
+     */
+    public function test_wp_check_password_does_not_support_empty_hash( $value ) {
+        $password = 'password';
+        $hash     = $value;
+        $this->assertFalse( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+    }
+
+    /**
+     * @ticket 21022
+     *
+     * @dataProvider data_empty_values
+     * @param mixed $value
+     */
+    public function test_wp_check_password_does_not_support_empty_password( $value ) {
+        $password = $value;
+        $hash     = $value;
+        $this->assertFalse( wp_check_password( $password, $hash ) );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+    }
+
+    public function data_empty_values() {
+        return array(
+            // Integer zero:
+            array( 0 ),
+            // String zero:
+            array( '0' ),
+            // Zero-length string:
+            array( '' ),
+            // Null byte character:
+            array( "\0" ),
+            // Asterisk values:
+            array( '*' ),
+            array( '*0' ),
+            array( '*1' ),
+        );
     }
 
@@ -236 +455 @@
     }
 
-    public function test_password_length_limit() {
-        $limit = str_repeat( 'a', 4096 );
-
+    /**
+     * @ticket 21022
+     */
+    public function test_password_is_hashed_with_bcrypt() {
+        $password = 'password';
+
+        // Set the user password.
+        wp_set_password( $password, self::$user_id );
+
+        // Ensure the password is hashed with bcrypt.
+        $this->assertStringStartsWith( '$wp$2y$', get_userdata( self::$user_id )->user_pass );
+
+        // Authenticate.
+        $user = wp_authenticate( $this->user->user_login, $password );
+
+        // Verify correct password.
+        $this->assertNotWPError( $user );
+        $this->assertInstanceOf( 'WP_User', $user );
+        $this->assertSame( self::$user_id, $user->ID );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_invalid_password_at_bcrypt_length_limit_is_rejected() {
+        $limit = str_repeat( 'a', self::$bcrypt_length_limit );
+
+        // Set the user password to the bcrypt limit.
         wp_set_password( $limit, self::$user_id );
-        // phpass hashed password.
-        $this->assertStringStartsWith( '$P$', $this->user->data->user_pass );
 
         $user = wp_authenticate( $this->user->user_login, 'aaaaaaaa' );
         // Wrong password.
-        $this->assertInstanceOf( 'WP_Error', $user );
-
+        $this->assertWPError( $user );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_invalid_password_beyond_bcrypt_length_limit_is_rejected() {
+        $limit = str_repeat( 'a', self::$bcrypt_length_limit + 1 );
+
+        // Set the user password beyond the bcrypt limit.
+        wp_set_password( $limit, self::$user_id );
+
+        $user = wp_authenticate( $this->user->user_login, 'aaaaaaaa' );
+        // Wrong password.
+        $this->assertWPError( $user );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_valid_password_at_bcrypt_length_limit_is_accepted() {
+        $limit = str_repeat( 'a', self::$bcrypt_length_limit );
+
+        // Set the user password to the bcrypt limit.
+        wp_set_password( $limit, self::$user_id );
+
+        // Authenticate.
         $user = wp_authenticate( $this->user->user_login, $limit );
+
+        // Correct password.
+        $this->assertNotWPError( $user );
         $this->assertInstanceOf( 'WP_User', $user );
         $this->assertSame( self::$user_id, $user->ID );
-
-        // One char too many.
-        $user = wp_authenticate( $this->user->user_login, $limit . 'a' );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_valid_password_beyond_bcrypt_length_limit_is_accepted() {
+        $limit = str_repeat( 'a', self::$bcrypt_length_limit + 1 );
+
+        // Set the user password beyond the bcrypt limit.
+        wp_set_password( $limit, self::$user_id );
+
+        // Authenticate.
+        $user = wp_authenticate( $this->user->user_login, $limit );
+
+        // Correct password depite its length.
+        $this->assertNotWPError( $user );
+        $this->assertInstanceOf( 'WP_User', $user );
+        $this->assertSame( self::$user_id, $user->ID );
+    }
+
+    /**
+     * A password beyond 72 bytes will be truncated by bcrypt by default and still be accepted.
+     *
+     * This ensures that a truncated password is not accepted by WordPress.
+     *
+     * @ticket 21022
+     */
+    public function test_long_truncated_password_is_rejected() {
+        $at_limit     = str_repeat( 'a', self::$bcrypt_length_limit );
+        $beyond_limit = str_repeat( 'a', self::$bcrypt_length_limit + 1 );
+
+        // Set the user password beyond the bcrypt limit.
+        wp_set_password( $beyond_limit, self::$user_id );
+
+        // Authenticate using a truncated password.
+        $user = wp_authenticate( $this->user->user_login, $at_limit );
+
+        // Incorrect password.
+        $this->assertWPError( $user );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_setting_password_beyond_bcrypt_length_limit_is_rejected() {
+        $beyond_limit = str_repeat( 'a', self::$password_length_limit + 1 );
+
+        // Set the user password beyond the limit.
+        wp_set_password( $beyond_limit, self::$user_id );
+
+        // Password broken by setting it to be too long.
+        $user = get_user_by( 'id', self::$user_id );
+        $this->assertSame( '*', $user->data->user_pass );
+
+        // Password is not accepted.
+        $user = wp_authenticate( $this->user->user_login, $beyond_limit );
+        $this->assertInstanceOf( 'WP_Error', $user );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+
+        // Placeholder is not accepted.
+        $user = wp_authenticate( $this->user->user_login, '*' );
+        $this->assertInstanceOf( 'WP_Error', $user );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+    }
+
+    /**
+     * @see https://core.trac.wordpress.org/changeset/30466
+     */
+    public function test_invalid_password_at_phpass_length_limit_is_rejected() {
+        $limit = str_repeat( 'a', self::$phpass_length_limit );
+
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( $limit, self::$user_id );
+
+        // Authenticate.
+        $user = wp_authenticate( $this->user->user_login, 'aaaaaaaa' );
+
         // Wrong password.
         $this->assertInstanceOf( 'WP_Error', $user );
-
-        wp_set_password( $limit . 'a', self::$user_id );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+    }
+
+    public function test_valid_password_at_phpass_length_limit_is_accepted() {
+        $limit = str_repeat( 'a', self::$phpass_length_limit );
+
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( $limit, self::$user_id );
+
+        // Authenticate.
+        $user = wp_authenticate( $this->user->user_login, $limit );
+
+        // Correct password.
+        $this->assertNotWPError( $user );
+        $this->assertInstanceOf( 'WP_User', $user );
+        $this->assertSame( self::$user_id, $user->ID );
+    }
+
+    public function test_too_long_password_at_phpass_length_limit_is_rejected() {
+        $limit = str_repeat( 'a', self::$phpass_length_limit );
+
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( $limit, self::$user_id );
+
+        // Authenticate with a password that is one character too long.
+        $user = wp_authenticate( $this->user->user_login, $limit . 'a' );
+
+        // Wrong password.
+        $this->assertInstanceOf( 'WP_Error', $user );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+    }
+
+    public function test_too_long_password_beyond_phpass_length_limit_is_rejected() {
+        // One char too many.
+        $too_long = str_repeat( 'a', self::$phpass_length_limit + 1 );
+
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( $too_long, self::$user_id );
+
         $user = get_user_by( 'id', self::$user_id );
         // Password broken by setting it to be too long.
         $this->assertSame( '*', $user->data->user_pass );
 
+        // Password is not accepted.
         $user = wp_authenticate( $this->user->user_login, '*' );
         $this->assertInstanceOf( 'WP_Error', $user );
-
-        $user = wp_authenticate( $this->user->user_login, '*0' );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+    }
+
+    /**
+     * @dataProvider data_empty_values
+     * @param mixed $value
+     */
+    public function test_empty_password_is_rejected_by_bcrypt( $value ) {
+        // Set the user password.
+        wp_set_password( 'password', self::$user_id );
+
+        $user = wp_authenticate( $this->user->user_login, $value );
         $this->assertInstanceOf( 'WP_Error', $user );
-
-        $user = wp_authenticate( $this->user->user_login, '*1' );
+    }
+
+    /**
+     * @dataProvider data_empty_values
+     * @param mixed $value
+     */
+    public function test_empty_password_is_rejected_by_phpass( $value ) {
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( 'password', self::$user_id );
+
+        $user = wp_authenticate( $this->user->user_login, $value );
         $this->assertInstanceOf( 'WP_Error', $user );
+    }
+
+    public function test_incorrect_password_is_rejected_by_phpass() {
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( 'password', self::$user_id );
 
         $user = wp_authenticate( $this->user->user_login, 'aaaaaaaa' );
+
         // Wrong password.
         $this->assertInstanceOf( 'WP_Error', $user );
-
-        $user = wp_authenticate( $this->user->user_login, $limit );
-        // Wrong password.
-        $this->assertInstanceOf( 'WP_Error', $user );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
+    }
+
+    public function test_too_long_password_is_rejected_by_phpass() {
+        $limit = str_repeat( 'a', self::$phpass_length_limit );
+
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( 'password', self::$user_id );
 
         $user = wp_authenticate( $this->user->user_login, $limit . 'a' );
+
         // Password broken by setting it to be too long.
         $this->assertInstanceOf( 'WP_Error', $user );
+        $this->assertSame( 'incorrect_password', $user->get_error_code() );
     }
 
@@ -307 +723 @@
             $wpdb->users,
             array(
-                'user_activation_key' => strtotime( '-1 hour' ) . ':' . self::$wp_hasher->HashPassword( $key ),
+                'user_activation_key' => strtotime( '-1 hour' ) . ':' . wp_fast_hash( $key ),
             ),
             array(
@@ -345 +761 @@
             $wpdb->users,
             array(
-                'user_activation_key' => strtotime( '-48 hours' ) . ':' . self::$wp_hasher->HashPassword( $key ),
+                'user_activation_key' => strtotime( '-48 hours' ) . ':' . wp_fast_hash( $key ),
             ),
             array(
@@ -356 +772 @@
         $check = check_password_reset_key( $key, $this->user->user_login );
         $this->assertInstanceOf( 'WP_Error', $check );
+        $this->assertSame( 'expired_key', $check->get_error_code() );
     }
 
@@ -394 +811 @@
         $check = check_password_reset_key( $key, $this->user->user_login );
         $this->assertInstanceOf( 'WP_Error', $check );
+        $this->assertSame( 'expired_key', $check->get_error_code() );
 
         // An empty key with a legacy user_activation_key should be rejected.
         $check = check_password_reset_key( '', $this->user->user_login );
         $this->assertInstanceOf( 'WP_Error', $check );
+        $this->assertSame( 'invalid_key', $check->get_error_code() );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_phpass_user_activation_key_is_allowed() {
+        global $wpdb;
+
+        // A legacy user_activation_key is one hashed using phpass between WordPress 4.3 and 6.8.0.
+
+        $key = wp_generate_password( 20, false );
+        $wpdb->update(
+            $wpdb->users,
+            array(
+                'user_activation_key' => strtotime( '-1 hour' ) . ':' . self::$wp_hasher->HashPassword( $key ),
+            ),
+            array(
+                'ID' => $this->user->ID,
+            )
+        );
+        clean_user_cache( $this->user );
+
+        // A legacy phpass user_activation_key should remain valid.
+        $check = check_password_reset_key( $key, $this->user->user_login );
+        $this->assertNotWPError( $check );
+        $this->assertInstanceOf( 'WP_User', $check );
+        $this->assertSame( $this->user->ID, $check->ID );
+
+        // An empty key with a legacy user_activation_key should be rejected.
+        $check = check_password_reset_key( '', $this->user->user_login );
+        $this->assertWPError( $check );
+        $this->assertSame( 'invalid_key', $check->get_error_code() );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_expired_phpass_user_activation_key_is_rejected() {
+        global $wpdb;
+
+        // A legacy user_activation_key is one hashed using phpass between WordPress 4.3 and 6.8.0.
+
+        $key = wp_generate_password( 20, false );
+        $wpdb->update(
+            $wpdb->users,
+            array(
+                'user_activation_key' => strtotime( '-48 hours' ) . ':' . self::$wp_hasher->HashPassword( $key ),
+            ),
+            array(
+                'ID' => $this->user->ID,
+            )
+        );
+        clean_user_cache( $this->user );
+
+        // A legacy phpass user_activation_key should still be subject to an expiry check.
+        $check = check_password_reset_key( $key, $this->user->user_login );
+        $this->assertWPError( $check );
+        $this->assertSame( 'expired_key', $check->get_error_code() );
+
+        // An empty key with a legacy user_activation_key should be rejected.
+        $check = check_password_reset_key( '', $this->user->user_login );
+        $this->assertWPError( $check );
+        $this->assertSame( 'invalid_key', $check->get_error_code() );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_user_request_key_handling() {
+        $request_id = wp_create_user_request( 'test@example.com', 'remove_personal_data' );
+        $key        = wp_generate_user_request_key( $request_id );
+
+        // A valid key should be accepted.
+        $check = wp_validate_user_request_key( $request_id, $key );
+        $this->assertNotWPError( $check );
+        $this->assertTrue( $check );
+
+        // An invalid key should rejected.
+        $check = wp_validate_user_request_key( $request_id, 'invalid' );
+        $this->assertWPError( $check );
+        $this->assertSame( 'invalid_key', $check->get_error_code() );
+
+        // An empty key should be rejected.
+        $check = wp_validate_user_request_key( $request_id, '' );
+        $this->assertWPError( $check );
+        $this->assertSame( 'missing_key', $check->get_error_code() );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_phpass_user_request_key_is_allowed() {
+        // A legacy user request key is one hashed using phpass between WordPress 4.3 and 6.8.0.
+
+        $request_id = wp_create_user_request( 'test@example.com', 'remove_personal_data' );
+        $key        = wp_generate_password( 20, false );
+
+        wp_update_post(
+            array(
+                'ID'            => $request_id,
+                'post_password' => self::$wp_hasher->HashPassword( $key ),
+            )
+        );
+
+        // A legacy phpass key should remain valid.
+        $check = wp_validate_user_request_key( $request_id, $key );
+        $this->assertNotWPError( $check );
+        $this->assertTrue( $check );
+
+        // An empty key with a legacy key should be rejected.
+        $check = wp_validate_user_request_key( $request_id, '' );
+        $this->assertWPError( $check );
+        $this->assertSame( 'missing_key', $check->get_error_code() );
+    }
+
+    /**
+     * The `wp_password_needs_rehash()` function is just a wrapper around `password_needs_rehash()`, but this ensures
+     * that it works as expected.
+     *
+     * Notably the bcrypt cost was increased in PHP 8.4: https://wiki.php.net/rfc/bcrypt_cost_2023 .
+     *
+     * @ticket 21022
+     */
+    public function check_password_needs_rehashing() {
+        $password = 'password';
+
+        // Current password hashing algorithm.
+        $hash = wp_hash_password( $password );
+        $this->assertFalse( wp_password_needs_rehash( $hash ) );
+
+        // A future upgrade from a previously lower cost.
+        $default = self::get_default_bcrypt_cost();
+        $opts    = array(
+            // Reducing the cost mimics an increase in the default cost.
+            'cost' => $default - 1,
+        );
+        $hash    = password_hash( $password, PASSWORD_BCRYPT, $opts );
+        $this->assertTrue( wp_password_needs_rehash( $hash ) );
+
+        // Previous phpass algorithm.
+        $hash = self::$wp_hasher->HashPassword( $password );
+        $this->assertTrue( wp_password_needs_rehash( $hash ) );
+
+        // o_O md5.
+        $hash = md5( $password );
+        $this->assertTrue( wp_password_needs_rehash( $hash ) );
     }
 
@@ -456 +1021 @@
         $this->assertEmpty( $user->user_activation_key, 'The `user_activation_key` was not empty on the user object returned by `wp_signon()` function.' );
         $this->assertEmpty( $activation_key_from_database, 'The `user_activation_key` was not empty in the database.' );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_phpass_application_password_is_accepted() {
+        add_filter( 'application_password_is_api_request', '__return_true' );
+        add_filter( 'wp_is_application_passwords_available', '__return_true' );
+
+        $password = 'password';
+
+        // Set an application password with the old phpass algorithm.
+        $uuid = self::set_application_password_with_phpass( $password, self::$user_id );
+
+        // Authenticate.
+        $user = wp_authenticate_application_password( null, self::USER_LOGIN, $password );
+
+        // Verify that the phpass hash for the application password was valid.
+        $this->assertNotWPError( $user );
+        $this->assertInstanceOf( 'WP_User', $user );
+        $this->assertSame( self::$user_id, $user->ID );
+    }
+
+    /**
+     * @dataProvider data_usernames
+     *
+     * @ticket 21022
+     */
+    public function test_phpass_password_is_rehashed_after_successful_user_password_authentication( $username_or_email ) {
+        $password = 'password';
+
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( $password, self::$user_id );
+
+        // Verify that the password needs rehashing.
+        $hash = get_userdata( self::$user_id )->user_pass;
+        $this->assertTrue( wp_password_needs_rehash( $hash, self::$user_id ) );
+
+        // Authenticate.
+        $user = wp_authenticate( $username_or_email, $password );
+
+        // Verify that the phpass password hash was valid.
+        $this->assertNotWPError( $user );
+        $this->assertInstanceOf( 'WP_User', $user );
+        $this->assertSame( self::$user_id, $user->ID );
+
+        // Verify that the password no longer needs rehashing.
+        $hash = get_userdata( self::$user_id )->user_pass;
+        $this->assertFalse( wp_password_needs_rehash( $hash, self::$user_id ) );
+
+        // Authenticate a second time to ensure the new hash is valid.
+        $user = wp_authenticate( $username_or_email, $password );
+
+        // Verify that the bcrypt password hash is valid.
+        $this->assertNotWPError( $user );
+        $this->assertInstanceOf( 'WP_User', $user );
+        $this->assertSame( self::$user_id, $user->ID );
+    }
+
+    /**
+     * @dataProvider data_usernames
+     *
+     * @ticket 21022
+     */
+    public function test_bcrypt_password_is_rehashed_with_new_cost_after_successful_user_password_authentication( $username_or_email ) {
+        $password = 'password';
+
+        // Hash the user password with a lower cost than default to mimic a cost upgrade.
+        add_filter( 'wp_hash_password_options', array( $this, 'reduce_hash_cost' ) );
+        wp_set_password( $password, self::$user_id );
+        remove_filter( 'wp_hash_password_options', array( $this, 'reduce_hash_cost' ) );
+
+        // Verify that the password needs rehashing.
+        $hash = get_userdata( self::$user_id )->user_pass;
+        $this->assertTrue( wp_password_needs_rehash( $hash, self::$user_id ) );
+
+        // Authenticate.
+        $user = wp_authenticate( $username_or_email, $password );
+
+        // Verify that the reduced cost password hash was valid.
+        $this->assertNotWPError( $user );
+        $this->assertInstanceOf( 'WP_User', $user );
+        $this->assertSame( self::$user_id, $user->ID );
+
+        // Verify that the password has been rehashed with the increased cost.
+        $hash = get_userdata( self::$user_id )->user_pass;
+        $this->assertFalse( wp_password_needs_rehash( $hash, self::$user_id ) );
+        $this->assertSame( self::get_default_bcrypt_cost(), password_get_info( substr( $hash, 3 ) )['options']['cost'] );
+
+        // Authenticate a second time to ensure the new hash is valid.
+        $user = wp_authenticate( $username_or_email, $password );
+
+        // Verify that the password hash is valid.
+        $this->assertNotWPError( $user );
+        $this->assertInstanceOf( 'WP_User', $user );
+        $this->assertSame( self::$user_id, $user->ID );
+    }
+
+    public function reduce_hash_cost( array $options ): array {
+        $options['cost'] = self::get_default_bcrypt_cost() - 1;
+        return $options;
+    }
+
+    public function increase_hash_cost( array $options ): array {
+        $options['cost'] = self::get_default_bcrypt_cost() + 1;
+        return $options;
+    }
+
+    public function data_usernames() {
+        return array(
+            array(
+                self::USER_LOGIN,
+            ),
+            array(
+                self::USER_EMAIL,
+            ),
+        );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_password_rehashing_requirement_can_be_filtered() {
+        $filter_count_before = did_filter( 'password_needs_rehash' );
+
+        wp_password_needs_rehash( '$hash' );
+
+        $this->assertSame( $filter_count_before + 1, did_filter( 'password_needs_rehash' ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_password_hashing_algorithm_can_be_filtered() {
+        $password = 'password';
+
+        $filter_count_before = did_filter( 'wp_hash_password_algorithm' );
+
+        $wp_hash = wp_hash_password( $password );
+
+        wp_check_password( $password, $wp_hash );
+        wp_password_needs_rehash( $wp_hash );
+
+        $this->assertSame( $filter_count_before + 2, did_filter( 'wp_hash_password_algorithm' ) );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_password_hashing_options_can_be_filtered() {
+        $password = 'password';
+
+        add_filter(
+            'wp_hash_password_options',
+            static function ( $options ) {
+                $options['cost'] = 5;
+                return $options;
+            }
+        );
+
+        $filter_count_before = did_filter( 'wp_hash_password_options' );
+
+        $wp_hash      = wp_hash_password( $password );
+        $valid        = wp_check_password( $password, $wp_hash );
+        $needs_rehash = wp_password_needs_rehash( $wp_hash );
+        $info         = password_get_info( substr( $wp_hash, 3 ) );
+        $cost         = $info['options']['cost'];
+
+        $this->assertTrue( $valid );
+        $this->assertFalse( $needs_rehash );
+        $this->assertSame( $filter_count_before + 2, did_filter( 'wp_hash_password_options' ) );
+        $this->assertSame( 5, $cost );
+    }
+
+    /**
+     * @ticket 21022
+     */
+    public function test_password_checks_support_wp_hasher_fallback() {
+        global $wp_hasher;
+
+        $filter_count_before = did_filter( 'wp_hash_password_options' );
+
+        $password = 'password';
+
+        // Ensure the global $wp_hasher is set.
+        $wp_hasher = new WP_Fake_Hasher();
+
+        $hasher_hash  = $wp_hasher->HashPassword( $password );
+        $wp_hash      = wp_hash_password( $password );
+        $valid        = wp_check_password( $password, $wp_hash );
+        $needs_rehash = wp_password_needs_rehash( $wp_hash );
+
+        // Reset the global $wp_hasher.
+        $wp_hasher = null;
+
+        $this->assertSame( $hasher_hash, $wp_hash );
+        $this->assertTrue( $valid );
+        $this->assertFalse( $needs_rehash );
+        $this->assertSame( 1, did_filter( 'check_password' ) );
+        $this->assertSame( $filter_count_before, did_filter( 'wp_hash_password_options' ) );
     }
 
@@ -704 +1469 @@
      */
     public function test_authenticate_application_password_respects_existing_user() {
-        $this->assertSame( self::$_user, wp_authenticate_application_password( self::$_user, self::$_user->user_login, 'password' ) );
+        $user = wp_authenticate_application_password( self::$_user, self::$_user->user_login, 'password' );
+        $this->assertNotWPError( $user );
+        $this->assertSame( self::$_user, $user );
     }
 
@@ -713 +1480 @@
         add_filter( 'application_password_is_api_request', '__return_false' );
 
-        $this->assertNull( wp_authenticate_application_password( null, self::$_user->user_login, 'password' ) );
+        $user = wp_authenticate_application_password( null, self::$_user->user_login, 'password' );
+        $this->assertNotWPError( $user );
+        $this->assertNull( $user );
     }
 
@@ -806 +1575 @@
 
         $user = wp_authenticate_application_password( null, self::$_user->user_login, $password );
+        $this->assertNotWPError( $user );
         $this->assertInstanceOf( WP_User::class, $user );
         $this->assertSame( self::$user_id, $user->ID );
@@ -820 +1590 @@
 
         $user = wp_authenticate_application_password( null, self::$_user->user_email, $password );
+        $this->assertNotWPError( $user );
         $this->assertInstanceOf( WP_User::class, $user );
         $this->assertSame( self::$user_id, $user->ID );
@@ -834 +1605 @@
 
         $user = wp_authenticate_application_password( null, self::$_user->user_email, WP_Application_Passwords::chunk_password( $password ) );
+        $this->assertNotWPError( $user );
         $this->assertInstanceOf( WP_User::class, $user );
         $this->assertSame( self::$user_id, $user->ID );
@@ -845 +1617 @@
 
         $authenticated = wp_authenticate_application_password( null, 'idonotexist', 'password' );
+        $this->assertNotWPError( $authenticated );
         $this->assertNull( $authenticated );
     }
@@ -968 +1741 @@
         $this->assertSame( $_SERVER['PHP_AUTH_PW'], 'pass:word' );
     }
+
+    /**
+     * Test the tests
+     *
+     * @covers Tests_Auth::set_user_password_with_phpass
+     *
+     * @ticket 21022
+     */
+    public function test_set_user_password_with_phpass() {
+        // Set the user password with the old phpass algorithm.
+        self::set_user_password_with_phpass( 'password', self::$user_id );
+
+        // Ensure the password is hashed with phpass.
+        $hash = get_userdata( self::$user_id )->user_pass;
+        $this->assertStringStartsWith( '$P$', $hash );
+    }
+
+    private static function set_user_password_with_phpass( string $password, int $user_id ) {
+        global $wpdb;
+
+        $wpdb->update(
+            $wpdb->users,
+            array(
+                'user_pass' => self::$wp_hasher->HashPassword( $password ),
+            ),
+            array(
+                'ID' => $user_id,
+            )
+        );
+        clean_user_cache( $user_id );
+    }
+
+
+    /**
+     * Test the tests
+     *
+     * @covers Tests_Auth::set_user_password_with_plain_bcrypt
+     *
+     * @ticket 21022
+     */
+    public function test_set_user_password_with_plain_bcrypt() {
+        // Set the user password with plain bcrypt.
+        self::set_user_password_with_plain_bcrypt( 'password', self::$user_id );
+
+        // Ensure the password is hashed with bcrypt.
+        $hash = get_userdata( self::$user_id )->user_pass;
+        $this->assertStringStartsWith( '$2y$', $hash );
+    }
+
+    private static function set_user_password_with_plain_bcrypt( string $password, int $user_id ) {
+        global $wpdb;
+
+        $wpdb->update(
+            $wpdb->users,
+            array(
+                'user_pass' => password_hash( 'password', PASSWORD_BCRYPT ),
+            ),
+            array(
+                'ID' => $user_id,
+            )
+        );
+        clean_user_cache( $user_id );
+    }
+
+    /**
+     * Test the tests
+     *
+     * @covers Tests_Auth::set_application_password_with_phpass
+     *
+     * @ticket 21022
+     */
+    public function test_set_application_password_with_phpass() {
+        // Set an application password with the old phpass algorithm.
+        $uuid = self::set_application_password_with_phpass( 'password', self::$user_id );
+
+        // Ensure the password is hashed with phpass.
+        $hash = WP_Application_Passwords::get_user_application_password( self::$user_id, $uuid )['password'];
+        $this->assertStringStartsWith( '$P$', $hash );
+    }
+
+    private static function set_application_password_with_phpass( string $password, int $user_id ) {
+        $uuid = wp_generate_uuid4();
+        $item = array(
+            'uuid'      => $uuid,
+            'app_id'    => '',
+            'name'      => 'Test',
+            'password'  => self::$wp_hasher->HashPassword( $password ),
+            'created'   => time(),
+            'last_used' => null,
+            'last_ip'   => null,
+        );
+
+        $saved = update_user_meta(
+            $user_id,
+            WP_Application_Passwords::USERMETA_KEY_APPLICATION_PASSWORDS,
+            array( $item )
+        );
+
+        if ( ! $saved ) {
+            throw new Exception( 'Could not save application password.' );
+        }
+
+        update_network_option( get_main_network_id(), WP_Application_Passwords::OPTION_KEY_IN_USE, true );
+
+        return $uuid;
+    }
+
+    private static function get_default_bcrypt_cost(): int {
+        $hash = password_hash( 'password', PASSWORD_BCRYPT );
+        $info = password_get_info( $hash );
+
+        return $info['options']['cost'];
+    }
 }

trunk/tests/phpunit/tests/pluggable/signatures.php

@@ -215 +215 @@
             'wp_check_password'               => array(
                 'password',
+                'hash',
+                'user_id' => '',
+            ),
+            'wp_password_needs_rehash'        => array(
                 'hash',
                 'user_id' => '',

trunk/tests/phpunit/tests/user/passwordHash.php

@@ -3 +3 @@
 /**
  * Tests for the PasswordHash external library.
+ *
+ * PasswordHash is no longer used to hash user passwords or security keys, but it is still used to
+ * hash post passwords and as a fallback to verify old passwords that were hashed by phpass. The
+ * library therefore needs to remain compatible with the latest versions of PHP.
  *
  * @covers PasswordHash