WordPress.org

Make WordPress Core

Changes between Version 1 and Version 2 of Ticket #21022, comment 121


Ignore:
Timestamp:
09/18/2019 06:54:09 AM (23 months ago)
Author:
mbijon
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #21022, comment 121

    v1 v2  
    2121In attacker terms, once they get past "easy" rainbow/shortening/lengthening/collision vulnerabilities they're left with brute force. On a GPU bcrypt's default setup/lengthening/salting yields <1,000 attempts/second. On the same GPU, SHA hashing yields ~1,000,000,000 attempts/second.
    2222
    23 I can't help but worry your bcrypt-sha512-base64 solution will make jumping to `PASSWORD-DEFAULT` harder @paragoninitiativeenterprises. But heck! it's still 10^6 better than SHA, and way closer to vanilla `password_hash()` than we have now.
     23I can't help but worry your bcrypt-sha512-base64 solution will make jumping to `PASSWORD-DEFAULT` harder @paragoninitiativeenterprises. But heck! it's still 10^6^ better than SHA, and way closer to vanilla `password_hash()` than we have now.