Opened 6 months ago

Last modified 2 weeks ago

#51549 new enhancement

Update to phpass 0.5

Reported by: ayeshrajans
Owned by:
Milestone: 5.8
Priority: normal
Severity: normal
Version:
Component: External Libraries
Keywords: has-patch 2nd-opinion
Focuses:
Cc:

Description

WordPress currently uses PHPass library version 0.3.

This is over 10 years old now, and the latest version is 0.5. It doesn't dramatically improve the password hashing mechanism as it would have with a password_hash migration. However, I believe updating to 0.5 still brings some strict comparison improvements made in the new version.

https://www.openwall.com/phpass/

WordPress's copy of phpass was modified over time.

All changes need to be rebased to version 0.5 as well.
(patch to follow)

Attachments (1)

51549.patch (6.3 KB) - added by ayeshrajans 6 months ago.
Updated to phpass 0.5 from upstream, and applied wp-specific customizations


Change History (4)

@ayeshrajans
6 months ago

Updated to phpass 0.5 from upstream, and applied wp-specific customizations

#1 @ayeshrajans
6 months ago

  • Summary changed from Updat to phpass 0.5 to Update to phpass 0.5

#3 @Hareesh Pillai
2 weeks ago

  • Milestone changed from Awaiting Review to 5.8

Requesting security feedback on this one so that we could move it forward.
