Hacker News new | past | comments | ask | show | jobs | submit login

Wordpress defiantly encrypt there passwords in some unreversable format using a salt.

I don't think SSL is really necessary for a community site like the wordpress one.




Ugh. I wish there was some kind of voting undo. (I accidentally upvoted you.)

First: I assume you mean that Wordpress _definitely_ encrypts their passwords, not defiantly.

Second: What is your proof they they are hashing passwords, salted or not?


From the source code of Wordpress MU:

   // If the stored hash is longer than an MD5, presume the
        // new style phpass portable hash.
        if ( empty($wp_hasher) ) {
                require_once( ABSPATH . 'wp-includes/class-phpass.php');
                // By default, use the portable hash from phpass
                $wp_hasher = new PasswordHash(8, TRUE);
        }




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: