Changes between Version 1 and Version 2 of Ticket #21022, comment 171
- Timestamp:
- 11/22/2024 02:01:31 AM (4 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #21022, comment 171
v1 v2 1 1 I maintain a [https://wordpress.org/plugins/password-hash/ WordPress plugin] does this as well. It intentionally does not pre-hash passwords, and ignore the password length (because it also supports Argon2 with a PHP constant config). 2 2 3 I think the PR looks great as-is, and I really want to vote with the strongest -1 I can muster to not pre-hash, pepper, encrypt, or hmac the passwords.3 I think the PR looks great as-is, and I really want to vote with the strongest -1 I can muster against pre-hash, pepper, encrypt, or hmac the passwords. 4 4 5 5 - The point of that plugin is to ''upgrade'' to bcrypt, and not to roll our own way of hashing passwords. Totally agreeing and echoing what @johnbillion said in comment:161.