Changes between Initial Version and Version 125 of Ticket #21022
Timestamp: 08/01/2020 07:05:47 PM (5 years ago)
Ticket #21022
- Property Cc info@… tom@… mike@… ian_dunn@… travis@… joseph@… frederick.ding@… j@… jorge@… added
- Property Summary changed from "Allow bcrypt to be enabled via filter for pass hashing" to "Use bcrypt for password hashing; updating old hashes"
- Property Milestone changed from Awaiting Review to Future Release
- Property Keywords 2nd-opinion has-patch needs-testing added
- Property Severity changed from normal to major
Ticket #21022 – Description
initial / v125, lines 6–23:

Thus I would propose to change in wp-includes/pluggable.php all occurrences of
{{{
$wp_hasher = new PasswordHash(8, true);
}}}
to
{{{
$wp_hasher = new PasswordHash(8, apply_filters('phpass_compatibility_mode', true));
}}}
This would allow users to easily change via plugin from the "not so secure" compatibility mode (only salted MD5) of phpass to a more secure setting (bcrypt) in case no compatibility with other applications is required.

The plugin changing the encryption method could then be as easy as
{{{
// Returning false switches phpass out of compatibility mode.
function phpass_bcrypt() {
	return false;
}
add_filter('phpass_compatibility_mode', 'phpass_bcrypt');
}}}
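The description above contrasts phpass compatibility mode (salted MD5) with bcrypt. The PHP below is an added example, not code from the ticket or from WordPress, that tells the two stored-hash formats apart so accounts still on the old scheme can be found. The function name `classify_hash`, its `$min_bcrypt_cost` parameter (defaulting to the `8` passed to `PasswordHash` above) and the sample hashes are assumptions constructed for illustration.

```php
<?php
// Added example (not from the ticket or WordPress core).
// Alphabet phpass uses for the iteration-count character of a portable hash.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

/**
 * Report the scheme and work factor of a stored hash, and whether it should
 * be replaced with a bcrypt hash at the user's next successful login.
 */
function classify_hash(string $hash, int $min_bcrypt_cost = 8): array
{
    $b64 = '[.\/0-9A-Za-z]';
    // phpass compatibility mode: "$P$" (or "$H$"), 1 count char, 8 salt chars, 22 digest chars.
    if (preg_match('/^\$[PH]\$(' . $b64 . ')' . $b64 . '{30}$/D', $hash, $m)) {
        $rounds = 1 << strpos(ITOA64, $m[1]); // count char encodes log2 of the MD5 rounds
        return ['scheme' => 'phpass salted MD5', 'rounds' => $rounds, 'upgrade' => true];
    }
    // bcrypt: "$2a$", "$2b$" or "$2y$", two-digit cost, 53 chars of salt and digest.
    if (preg_match('/^\$2[aby]\$(\d{2})\$' . $b64 . '{53}$/D', $hash, $m)) {
        $cost = (int) $m[1];
        return ['scheme' => 'bcrypt', 'rounds' => 1 << $cost, 'upgrade' => $cost < $min_bcrypt_cost];
    }
    // Anything else is treated as needing a fresh hash.
    return ['scheme' => 'unknown', 'rounds' => null, 'upgrade' => true];
}

// Constructed samples: the portable value only has the right shape and is not a
// real digest; the bcrypt values are generated locally by PHP's password_hash().
$samples = [
    'portable (constructed)'    => '$P$B' . str_repeat('x', 30),
    'bcrypt cost 8 (generated)' => password_hash('example-only', PASSWORD_BCRYPT, ['cost' => 8]),
    'bcrypt cost 4 (generated)' => password_hash('example-only', PASSWORD_BCRYPT, ['cost' => 4]),
];

foreach ($samples as $label => $hash) {
    $info = classify_hash($hash);
    printf("%-28s %-18s rounds=%-6s upgrade=%s\n", $label, $info['scheme'],
        $info['rounds'] ?? '-', $info['upgrade'] ? 'yes' : 'no');
}
```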