GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Screenshot of the SVN changeset showing they pre-hash the password with HMAC-SHA384, then base64 the output, and then run bcrypt on the bade64-encoded value.

Download link

https://furry.engineer/system/media_attachments/files/114/019/356/034/315/773/original/4763731321dbefc3.jpg

Notices where this attachment appears

  1. Embed this notice
    Soatok Dreamseeker (soatok@furry.engineer)'s status on Monday, 17-Feb-2025 22:33:35 JST Soatok Dreamseeker Soatok Dreamseeker

    WordPress 6.8 is due to switch their password hashing to bcrypt, and their application passwords to BLAKE2b.

    Great news:

    They disarmed the 72 char footgun with bcrypt in the way I recommended (HMAC, rather than just SHA2, to prevent hash shucking, and base64 to prevent NUL truncation).

    https://core.trac.wordpress.org/changeset/59828

    In conversation about 5 days ago from furry.engineer permalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.