Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #21022, comment 153


Timestamp: 11/21/2024 02:42:54 PM (3 months ago)
Author: haozi
  • Ticket #21022, comment 153

    initial v1  
    1 Please refer OWASP's documentation [https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords-with-bcrypt], they don't recommend pre-hashing passwords when using bcrypt.
     1Please refer OWASP's documentation [https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords-with-bcrypt], they don't recommend pre-hashing passwords when using bcrypt, including use base64 to encoding the sha hash result.
    22
    33Perhaps we can add input length restrictions to prevent users from using too long passwords?