Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-18 Thread Marcio Cardoso
: opensim-dev-boun...@lists.berlios.de [mailto:opensim-dev- boun...@lists.berlios.de] On Behalf Of d...@metaverseink.com Sent: Friday, 16 October 2009 9:22 AM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash The usual warning, I'm a broken record

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-17 Thread Márcio Cardoso
:22 AM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash The usual warning, I'm a broken record: there is very little security in open OpenSim grids right now. Daniel Smith wrote: Not the best place to go over crypto 101, but for those unfamiliar

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-17 Thread Melanie
...@lists.berlios.de] On Behalf Of d...@metaverseink.com Sent: Friday, 16 October 2009 9:22 AM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash The usual warning, I'm a broken record: there is very little security in open OpenSim grids right now. Daniel Smith

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-17 Thread Márcio Cardoso
-Original Message- From: opensim-dev-boun...@lists.berlios.de [mailto:opensim-dev- boun...@lists.berlios.de] On Behalf Of d...@metaverseink.com Sent: Friday, 16 October 2009 9:22 AM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash The usual warning, I'm

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-17 Thread Márcio Cardoso
[mailto:opensim-dev- boun...@lists.berlios.de] On Behalf Of d...@metaverseink.com Sent: Friday, 16 October 2009 9:22 AM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash The usual warning, I'm a broken record: there is very little security in open OpenSim grids right

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-17 Thread Rich White
-Original Message- From: opensim-dev-boun...@lists.berlios.de [mailto:opensim-dev- boun...@lists.berlios.de] On Behalf Of d...@metaverseink.com Sent: Friday, 16 October 2009 9:22 AM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash The usual warning

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-16 Thread Melanie
it is. Adam -Original Message- From: opensim-dev-boun...@lists.berlios.de [mailto:opensim-dev- boun...@lists.berlios.de] On Behalf Of Melanie Sent: Thursday, 15 October 2009 4:14 PM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash Please

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-16 Thread Impalah Shenzhou
for decent security. Adam *From:* opensim-dev-boun...@lists.berlios.de [mailto: opensim-dev-boun...@lists.berlios.de] *On Behalf Of *Impalah Shenzhou *Sent:* Friday, 16 October 2009 3:44 AM *To:* opensim-dev@lists.berlios.de *Subject:* Re: [Opensim-dev] open sim UUID and Passwordhash

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-16 Thread Frisby, Adam
...@lists.berlios.de [mailto:opensim-dev-boun...@lists.berlios.de] On Behalf Of Impalah Shenzhou Sent: Friday, 16 October 2009 4:37 AM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash Thanks for the info Melanie. Adam, I consider Drupal, for example, a CMS

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-16 Thread Frisby, Adam
October 2009 8:20 AM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash Alan M Webb wrote: If everyone is really concerned about security, then perhaps we should stop using MD5? ;-) who's going to tell the LL clients that? cheers

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-16 Thread Daniel Smith
Not the best place to go over crypto 101, but for those unfamiliar with the insecurity of md5(password) by itself, you owe yourself a visit to some place like http://www.md5crack.com/crackmd5.php. It'll open your eyes quickly. Try 20ee80e63596799a1543bc9fd88d8878 -- it's ok, just a rabbit. Not

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-16 Thread diva
The usual warning, I'm a broken record: there is very little security in open OpenSim grids right now. Daniel Smith wrote: Not the best place to go over crypto 101, but for those unfamiliar with the insecurity of md5(password) by itself, you owe yourself a visit to some place like

[Opensim-dev] open sim UUID and Passwordhash

2009-10-15 Thread Márcio Cardoso
Good night, will be possible that someone could help me with 2 problems I have? I'm trying to create a stored procedure in mysql to add users, but do not know how UUID is generated. anyone have any idea how this happens? Another problem is how is the encoding of the password. The ideal was to

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-15 Thread Melanie
Please don't use that code. It creates unsalted hashes, which are not secure. The should be a ranndom salt, stored in the passwordSalt field in the DB. If that is blank, you're running a very insecure system Melanie Rich White wrote: here is the PHP code - $password_hash =

Re: [Opensim-dev] open sim UUID and Passwordhash

2009-10-15 Thread Frisby, Adam
...@lists.berlios.de] On Behalf Of Melanie Sent: Thursday, 15 October 2009 4:14 PM To: opensim-dev@lists.berlios.de Subject: Re: [Opensim-dev] open sim UUID and Passwordhash Please don't use that code. It creates unsalted hashes, which are not secure. The should be a ranndom salt, stored