What's more shocking is that not only are they not using bcrypt, they're still using MD5.

Correct me if I'm wrong, but aren't there organisations being prosecuted in some jurisdictions for having password security that weak?




Wouldn't surprise me, it's had lots of exposure with all the data leaks. I last looked at passwords sometime in 2010 off the back of the infamous "use bcrypt" post.

Just skimmed the WP ticket, what a horrible amount of effort to cover an edge case of people regressing to a 4 years past dead PHP version.



