#21022 Switch to using bcrypt for hashing passwords

composer.json

@@ -10,6 +10,7 @@
 		"issues": "https://core.trac.wordpress.org/"
 	},
 	"require": {
+		"ext-hash": "*",
 		"ext-json": "*",
 		"php": ">=7.2.24"
 	},

src/wp-admin/includes/class-wp-site-health.php

@@ -923,7 +923,7 @@ public function get_test_php_extensions() {
 			),
 			'hash'      => array(
 				'function' => 'hash',
-				'required' => false,
+				'required' => true,
 			),
 			'imagick'   => array(
 				'extension' => 'imagick',

src/wp-admin/includes/upgrade.php

@@ -965,6 +965,7 @@ function upgrade_101() {
  *
  * @ignore
  * @since 1.2.0
+ * Since x.y.z User passwords are no longer hashed with md5.
  *
  * @global wpdb $wpdb WordPress database abstraction object.
  */
@@ -980,13 +981,6 @@ function upgrade_110() {
 		}
 	}
 
-	$users = $wpdb->get_results( "SELECT ID, user_pass from $wpdb->users" );
-	foreach ( $users as $row ) {
-		if ( ! preg_match( '/^[A-Fa-f0-9]{32}$/', $row->user_pass ) ) {
-			$wpdb->update( $wpdb->users, array( 'user_pass' => md5( $row->user_pass ) ), array( 'ID' => $row->ID ) );
-		}
-	}
-
 	// Get the GMT offset, we'll use that later on.
 	$all_options = get_alloptions_110();
 

src/wp-includes/class-wp-application-passwords.php

@@ -60,6 +60,7 @@ public static function is_in_use() {
 	 *
 	 * @since 5.6.0
 	 * @since 5.7.0 Returns WP_Error if application name already exists.
+	 * @since x.y.z The hashed password value now uses wp_fast_hash() instead of phpass.
 	 *
 	 * @param int   $user_id  User ID.
 	 * @param array $args     {
@@ -95,7 +96,7 @@ public static function create_new_application_password( $user_id, $args = array(
 		}
 
 		$new_password    = wp_generate_password( static::PW_LENGTH, false );
-		$hashed_password = wp_hash_password( $new_password );
+		$hashed_password = self::hash_password( $new_password );
 
 		$new_item = array(
 			'uuid'      => wp_generate_uuid4(),
@@ -124,6 +125,7 @@ public static function create_new_application_password( $user_id, $args = array(
 		 * Fires when an application password is created.
 		 *
 		 * @since 5.6.0
+		 * @since x.y.z @since x.y.z The hashed password value now uses wp_fast_hash() instead of phpass.
 		 *
 		 * @param int    $user_id      The user ID.
 		 * @param array  $new_item     {
@@ -249,6 +251,7 @@ public static function application_name_exists_for_user( $user_id, $name ) {
 	 * Updates an application password.
 	 *
 	 * @since 5.6.0
+	 * @since x.y.z The actual password should now be hashed using wp_fast_hash().
 	 *
 	 * @param int    $user_id User ID.
 	 * @param string $uuid    The password's UUID.
@@ -284,6 +287,11 @@ public static function update_application_password( $user_id, $uuid, $update = a
 				$save         = true;
 			}
 
+			if ( ! empty( $update['password'] ) && $item['password'] !== $update['password'] ) {
+				$item['password'] = $update['password'];
+				$save             = true;
+			}
+
 			if ( $save ) {
 				$saved = static::set_user_application_passwords( $user_id, $passwords );
 
@@ -296,6 +304,8 @@ public static function update_application_password( $user_id, $uuid, $update = a
 			 * Fires when an application password is updated.
 			 *
 			 * @since 5.6.0
+			 * @since x.y.z The password is now hashed using wp_fast_hash() instead of phpass.
+			 *              Existing passwords may still be hashed using phpass.
 			 *
 			 * @param int   $user_id The user ID.
 			 * @param array $item    {
@@ -464,4 +474,45 @@ public static function chunk_password( $raw_password ) {
 
 		return trim( chunk_split( $raw_password, 4, ' ' ) );
 	}
+
+	/**
+	 * Hashes a plaintext application password.
+	 *
+	 * @since x.y.z
+	 *
+	 * @param string $password Plaintext password.
+	 * @return string Hashed password.
+	 */
+	public static function hash_password( string $password ): string {
+		return wp_fast_hash( $password );
+	}
+
+	/**
+	 * Checks a plaintext application password against a hashed password.
+	 *
+	 * @since x.y.z
+	 *
+	 * @param string     $password Plaintext password.
+	 * @param string     $hash     Hash of the password to check against.
+	 * @return bool Whether the password matches the hashed password.
+	 */
+	public static function check_password( string $password, string $hash ): bool {
+		return wp_verify_fast_hash( $password, $hash );
+	}
+
+	/**
+	 * Checks whether a password hash needs to be rehashed.
+	 *
+	 * A password hashed in a prior version of WordPress may still be hashed with phpass and will
+	 * need to be rehashed. If the algorithm is changed in WordPress then a password hashed in a
+	 * previous version will need to be rehashed.
+	 *
+	 * @since x.y.z
+	 *
+	 * @param string $hash Hash of a password to check.
+	 * @return bool Whether the hash needs to be rehashed.
+	 */
+	public static function password_needs_rehash( string $hash ): bool {
+		return ! str_starts_with( $hash, '$generic$' );
+	}
 }

src/wp-includes/class-wp-recovery-mode-key-service.php

@@ -37,29 +37,18 @@ public function generate_recovery_mode_token() {
 	 * Creates a recovery mode key.
 	 *
 	 * @since 5.2.0
-	 *
-	 * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
+	 * @since x.y.z The stored key is now hashed using wp_fast_hash() instead of phpass.
 	 *
 	 * @param string $token A token generated by {@see generate_recovery_mode_token()}.
 	 * @return string Recovery mode key.
 	 */
 	public function generate_and_store_recovery_mode_key( $token ) {
-
-		global $wp_hasher;
-
 		$key = wp_generate_password( 22, false );
 
-		if ( empty( $wp_hasher ) ) {
-			require_once ABSPATH . WPINC . '/class-phpass.php';
-			$wp_hasher = new PasswordHash( 8, true );
-		}
-
-		$hashed = $wp_hasher->HashPassword( $key );
-
 		$records = $this->get_keys();
 
 		$records[ $token ] = array(
-			'hashed_key' => $hashed,
+			'hashed_key' => wp_fast_hash( $key ),
 			'created_at' => time(),
 		);
 
@@ -85,16 +74,12 @@ public function generate_and_store_recovery_mode_key( $token ) {
 	 *
 	 * @since 5.2.0
 	 *
-	 * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
-	 *
 	 * @param string $token The token used when generating the given key.
-	 * @param string $key   The unhashed key.
+	 * @param string $key   The plain text key.
 	 * @param int    $ttl   Time in seconds for the key to be valid for.
 	 * @return true|WP_Error True on success, error object on failure.
 	 */
 	public function validate_recovery_mode_key( $token, $key, $ttl ) {
-		global $wp_hasher;
-
 		$records = $this->get_keys();
 
 		if ( ! isset( $records[ $token ] ) ) {
@@ -109,12 +94,7 @@ public function validate_recovery_mode_key( $token, $key, $ttl ) {
 			return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
 		}
 
-		if ( empty( $wp_hasher ) ) {
-			require_once ABSPATH . WPINC . '/class-phpass.php';
-			$wp_hasher = new PasswordHash( 8, true );
-		}
-
-		if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {
+		if ( ! wp_verify_fast_hash( $key, $record['hashed_key'] ) ) {
 			return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
 		}
 
@@ -169,9 +149,20 @@ private function remove_key( $token ) {
 	 * Gets the recovery key records.
 	 *
 	 * @since 5.2.0
+	 * @since x.y.z Each key is now hashed using wp_fast_hash() instead of phpass.
+	 *              Existing keys may still be hashed using phpass.
+	 *
+	 * @return array {
+	 *     Associative array of token => data pairs, where the data is an associative
+	 *     array of information about the key.
 	 *
-	 * @return array Associative array of $token => $data pairs, where $data has keys 'hashed_key'
-	 *               and 'created_at'.
+	 *     @type array ...$0 {
+	 *         Information about the key.
+	 *
+	 *         @type string $hashed_key The hashed value of the key.
+	 *         @type int    $created_at The timestamp when the key was created.
+	 *     }
+	 * }
 	 */
 	private function get_keys() {
 		return (array) get_option( $this->option_name, array() );
@@ -181,9 +172,19 @@ private function get_keys() {
 	 * Updates the recovery key records.
 	 *
 	 * @since 5.2.0
+	 * @since x.y.z Each key should now be hashed using wp_fast_hash() instead of phpass.
+	 *
+	 * @param array $keys {
+	 *     Associative array of token => data pairs, where the data is an associative
+	 *     array of information about the key.
+	 *
+	 *     @type array ...$0 {
+	 *         Information about the key.
 	 *
-	 * @param array $keys Associative array of $token => $data pairs, where $data has keys 'hashed_key'
-	 *                    and 'created_at'.
+	 *         @type string $hashed_key The hashed value of the key.
+	 *         @type int    $created_at The timestamp when the key was created.
+	 *     }
+	 * }
 	 * @return bool True on success, false on failure.
 	 */
 	private function update_keys( array $keys ) {

src/wp-includes/class-wp-user-request.php

@@ -92,6 +92,8 @@ final class WP_User_Request {
 	 * Key used to confirm this request.
 	 *
 	 * @since 4.9.6
+	 * @since x.y.z The key is now hashed using wp_fast_hash() instead of phpass.
+	 *
 	 * @var string
 	 */
 	public $confirm_key = '';

src/wp-includes/class-wp-user.php

@@ -11,6 +11,7 @@
  * Core class used to implement the WP_User object.
  *
  * @since 2.0.0
+ * @since x.y.z The `user_pass` property is now hashed using bcrypt instead of phpass.
  *
  * @property string $nickname
  * @property string $description

src/wp-includes/functions.php

@@ -9085,3 +9085,52 @@ function wp_is_heic_image_mime_type( $mime_type ) {
 
 	return in_array( $mime_type, $heic_mime_types, true );
 }
+
+/**
+ * Returns a cryptographically secure hash of a message using a fast generic hash function.
+ *
+ * This function does not salt the value prior to being hashed, therefore input to this function should be generated
+ * with sufficiently high entropy if the data is sensitive, preferably greater than 128 bits. This function is used
+ * internally in WordPress to hash security keys and application passwords which are generated with high entropy.
+ *
+ * This function must not be used for hashing user-generated passwords. Use wp_hash_password() for that.
+ *
+ * Use the wp_verify_fast_hash() function to verify the hash.
+ *
+ * The BLAKE2b algorithm is used by Sodium to hash the message.
+ *
+ * @since x.y.z
+ *
+ * @throws TypeError Thrown by Sodium if the message is not a string.
+ *
+ * @param string $message The message to hash.
+ * @return string The hash of the message.
+ */
+function wp_fast_hash( string $message ): string {
+	return '$generic$' . sodium_bin2hex( sodium_crypto_generichash( $message ) );
+}
+
+/**
+ * Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash().
+ *
+ * The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash,
+ * the hash is treated as a phpass portable hash in order to provide backward compatibility for application passwords
+ * which were hashed using phpass prior to WordPress x.y.z.
+ *
+ * @since x.y.z
+ *
+ * @throws TypeError Thrown by Sodium if the message is not a string.
+ *
+ * @param string $message The plaintext message.
+ * @param string $hash    Hash of the message to check against.
+ * @return bool Whether the message matches the hashed message.
+ */
+function wp_verify_fast_hash( string $message, string $hash ): bool {
+	if ( ! str_starts_with( $hash, '$generic$' ) ) {
+		// Back-compat for old phpass hashes.
+		require_once ABSPATH . WPINC . '/class-phpass.php';
+		return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
+	}
+
+	return hash_equals( substr( $hash, 9 ), wp_fast_hash( $message ) );
+}