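Description
WordPress uses phpass to store passwords. So that WordPress can run everywhere, it uses the portable version of phpass,
which uses MD5 to hash passwords. MD5 is not a very good algorithm for password hashing, because it is relatively fast.
This plugin switches to bcrypt, the algorithm recommended by phpass, which is a better choice for password storage because it is relatively slow to produce. This makes it harder for an attacker who has obtained your hashed passwords to recover the plain-text passwords by brute force or by trying passwords from a dictionary.
Note: this plugin requires PHP 5.3.0 or newer.
Be aware that if you use this plugin and then move to a host that does not support bcrypt, you will need to reset every user account that you want to log in with.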
Original plugin description
WordPress uses phpass to store passwords. Because WordPress has to work everywhere, it uses the portable version of phpass,
which uses MD5 to hash passwords. MD5 is not a very good hashing algorithm for passwords, because it’s relatively fast.
This plugin switches over to bcrypt, which is the algorithm recommended by phpass, and is a much better option for password
storage because it is much slower to produce. This makes it much harder for an attacker who’s managed to access your hashed
passwords to obtain plain text passwords by brute-forcing, or by trying passwords from a dictionary.
Note: this plugin requires PHP 5.3.0 or newer.
Be aware that if you use this plugin and then move to a host that does not support bcrypt, you will need to reset any user
account that you want to log in with.
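
The migration caveat above can be checked before moving hosts. The following PHP is an added example, not the plugin's code: it names the scheme of each stored hash by its prefix (`$P$` for phpass portable, `$2a$`/`$2y$` for bcrypt) and lists the accounts a host without bcrypt could not verify. The function names and the sample rows are assumptions made for this illustration.

```php
<?php
// Added example, not the plugin's code. The hash strings are constructed
// placeholders that only carry a realistic prefix and length.

// Name the scheme of a stored password hash from its prefix and length.
function hash_scheme($hash) {
    if (preg_match('/^\$2[axy]\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $hash)) {
        return 'bcrypt';
    }
    if (preg_match('/^\$P\$[.\/A-Za-z0-9]{31}$/', $hash)) {
        return 'phpass-portable-md5';
    }
    return 'other';
}

// True when this PHP's crypt() really produces a bcrypt hash.
function host_supports_bcrypt() {
    if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH !== 1) {
        return false;
    }
    $probe = crypt('probe', '$2a$04$' . str_repeat('A', 22));
    return is_string($probe) && hash_scheme($probe) === 'bcrypt';
}

// Logins whose stored hash a host without bcrypt could not verify.
function accounts_needing_reset(array $users, $bcrypt_available) {
    $reset = array();
    foreach ($users as $login => $hash) {
        if (!$bcrypt_available && hash_scheme($hash) === 'bcrypt') {
            $reset[] = $login;
        }
    }
    return $reset;
}

$users = array(                                  // constructed sample rows
    'alice' => '$2a$08$' . str_repeat('x', 53),  // bcrypt-format hash
    'bob'   => '$P$B' . str_repeat('x', 30),     // portable MD5-format hash
);

foreach ($users as $login => $hash) {
    printf("%-6s %s\n", $login, hash_scheme($hash));
}
printf("bcrypt on this host: %s\n", host_supports_bcrypt() ? 'yes' : 'no');
printf("reset needed here: %s\n",
    implode(', ', accounts_needing_reset($users, host_supports_bcrypt())) ?: 'none');
printf("reset needed on a host without bcrypt: %s\n",
    implode(', ', accounts_needing_reset($users, false)) ?: 'none');
```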
