Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Better password hashing #8

Closed
markkap opened this issue Aug 26, 2018 · 2 comments
Closed

Better password hashing #8

markkap opened this issue Aug 26, 2018 · 2 comments

Comments

@markkap
Copy link

@markkap markkap commented Aug 26, 2018

Use whatever is the "state of art" for PHP 7.0

@markkap markkap added this to the 1.0.0 milestone Sep 2, 2018
@markkap
Copy link
Author

@markkap markkap commented Oct 17, 2018

Changes in hashing algorithm are Inspired by https://github.com/roots/wp-password-bcrypt

The hashing algorithm uses whatever setting PHP recommends as "best" for the specific PHP version on which calmPress runs.

It includes a seamless "translation" from older hash formats into new ones.

@markkap
Copy link
Author

@markkap markkap commented Oct 18, 2018

The less than obvious backward compatibility break here is that users will not be able to use md5-ing a password via phpmyadmin to change the password, and there is no obvious replacement on phpmyadmin side.

markkap added a commit that referenced this issue Oct 18, 2018
@markkap markkap closed this Oct 18, 2018
markkap added a commit that referenced this issue Jan 17, 2019
…ckward compatibility #8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant