Re: [Opensim-dev] open sim UUID and Passwordhash

Sat, 17 Oct 2009 13:18:15 -0700

Thank you all, the problem of pass is resolved, so now I need to discover how the uuid of the avatar is generated . anyone have any idea how this happens? 

Greetings,
Márcio Cardoso



A 2009/10/16, às 19:34, Frisby, Adam escreveu:
Seconded. There are other weak points which could be more easily addressed at the current point in time; but I do expect many of those to finally get ironed out. 

Adam


-----Original Message-----
From: opensim-dev-boun...@lists.berlios.de [mailto:opensim-dev-
boun...@lists.berlios.de] On Behalf Of d...@metaverseink.com
Sent: Friday, 16 October 2009 9:22 AM
To: opensim-dev@lists.berlios.de
Subject: Re: [Opensim-dev] open sim UUID and Passwordhash

The usual warning, I'm a broken record:
there is very little security in open OpenSim grids right now.

Daniel Smith wrote:


Not the best place to go over crypto 101, but for those unfamiliar

with
the insecurity of md5("password") by itself, you owe yourself a visit 
to

some place like http://www.md5crack.com/crackmd5.php.  It'll open

your

eyes quickly.

Try "20ee80e63596799a1543bc9fd88d8878"  -- it's ok, just a rabbit.

Not

my password.

The point that others here are making about salt is pretty valid
(incoming IP address + timestamp + username can be a good start).
You'll have to store the salt somewhere, because you'll never get the same one again, and you'll need to add it to the users incoming pw to 
hash again and compare...

And +1 to Adam's comment on transmission and storage requirements.

Not

addressing security 101 will leave you with a site incapable of
transmitting anything (or much worse..)

Daniel

--
Daniel Smith - Sonoma County, California
http://daniel.org/resume


---------------------------------------------------------------------

---


_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev

_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev

_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev



_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev

Reply via email to