Make WordPress Core

Changes between Initial Version and Version 125 of Ticket #21022


Timestamp: 08/01/2020 07:05:47 PM (15 months ago)
Author: SergeyBiryukov

  • Ticket #21022

    • Property Cc info@… tom@… mike@… ian_dunn@… travis@… joseph@… frederick.ding@… j@… jorge@… added
    • Property Summary changed from "Allow bcrypt to be enabled via filter for pass hashing" to "Use bcrypt for password hashing; updating old hashes"
    • Property Milestone changed from Awaiting Review to Future Release
    • Property Keywords 2nd-opinion has-patch needs-testing added
    • Property Severity changed from normal to major
  • Ticket #21022 – Description

    initial v125  
    66
    77Thus I would propose to change in wp-includes/pluggable.php all occurances of
    8 
     8{{{
    99$wp_hasher = new PasswordHash(8, true);
    10 
     10}}}
    1111to
    12 
     12{{{
    1313$wp_hasher = new PasswordHash(8, apply_filters('phpass_compatibility_mode', true));
    14 
     14}}}
    1515This would allow users to easily change via plugin from the "not so secure" compatibility mode (only salted MD5) of phpass to a more secure setting (bcrypt) in case no compatibility with other applications is required.
    1616
    1717The plugin changing the encryption methog could then as easy as
    18 
     18{{{
    1919function phpass_bcrypt() {
    2020        return false;
    2121}
    2222add_filter('phpass_compatibility_mode', 'phpass_bcrypt');
     23}}}
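
Review bot: The proposed line $wp_hasher = new PasswordHash(8, apply_filters('phpass_compatibility_mode', true)); only changes how hashes are created from that point on, and the description does not say how stored portable hashes get upgraded, although the new summary mentions "updating old hashes". Existing accounts would keep their salted MD5 hashes until something rehashes them, so the proposal should state where that happens, for example on a successful login check. The first argument also stays hard-coded at 8 at every call site; with compatibility mode off, phpass uses that value as the bcrypt cost, so it is worth exposing through a filter as well, or building the hasher in one helper instead of editing all occurrences in wp-includes/pluggable.php. The new filter name should be documented alongside the change.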