I should also clarify that I'm not expecting this to be merged in, I
just wanted to test & demonstrate if it was technically possible to
seamlessly migrate from one algorithm to another without maintaining two
tables.
~ Marv.
On 10/06/2012 11:32, Gudule Lapointe wrote:
Not only does this force to change all third party modules using
authentication (for this, changing the hash method should be an
option, not an arbitrary change)
This also means the update process is not immediate, it relies on
every single user login via OpenSim.
It could take months before all the passwords are
updated. Practically, they won't ever, probably.
In the meantime, the authentication via third party module will be
broken for a part of the users (the ones already updated, or the other
ones, depending of the web module being patched or not).
--
http://www.speculoos.net/
secondlife://speculoos.net:8002/
Speculoos, the belgian cookie-flavored metaverse
Le 10 juin 2012 à 07:15, SignpostMarv Martin a écrit :
clarification; I missed out the phrase "the patch simply checks when
authentication occurs"
On 10/06/2012 05:52, SignpostMarv Martin wrote:
Earlier I decided to see if it was feasible to seamlessly migrate
the password hash & salt from md5 to sha-512- turns out it is :D
By seamless I mean the grid operator needs take no action- the patch
simply checks if the salt in the db is of length 32 &uses md5
checking if it is, sha-512 if it isn't; if it is md5 and the
submitted password is valid, the stored hash & salt are updated with
new sha-512 values.
As mentioned on the mantis (
http://opensimulator.org/mantis/view.php?id=6046 ), any third-party
software which directly reads the database would need to be updated
to do similar salt length checks.
Additionally, the provided patch is incomplete as I'm unsure of the
migration syntax for MSSQL/SQLite.
~ Marv.
_______________________________________________
Opensim-dev mailing list
[email protected] <mailto:[email protected]>
https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
