Earlier I decided to see if it was feasible to seamlessly migrate the
password hash & salt from md5 to sha-512- turns out it is :D
By seamless I mean the grid operator needs take no action- the patch
simply checks if the salt in the db is of length 32 &uses md5 checking
if it is, sha-512 if it isn't; if it is md5 and the submitted password
is valid, the stored hash & salt are updated with new sha-512 values.
As mentioned on the mantis (
http://opensimulator.org/mantis/view.php?id=6046 ), any third-party
software which directly reads the database would need to be updated to
do similar salt length checks.
Additionally, the provided patch is incomplete as I'm unsure of the
migration syntax for MSSQL/SQLite.
~ Marv.
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
