[Opensim-dev] open sim UUID and Passwordhash

Márcio Cardoso marciomaiden at gmail.com
Sat Oct 17 20:17:53 UTC 2009 

Thank you all, the problem of pass is resolved, so now I need to  
discover how the uuid of the avatar is generated . anyone have any  
idea how this happens?

Greetings,
Márcio Cardoso



A 2009/10/16, às 19:34, Frisby, Adam escreveu:

> Seconded. There are other weak points which could be more easily  
> addressed at the current point in time; but I do expect many of  
> those to finally get ironed out.
>
> Adam
>
>> -----Original Message-----
>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>> bounces at lists.berlios.de] On Behalf Of diva at metaverseink.com
>> Sent: Friday, 16 October 2009 9:22 AM
>> To: opensim-dev at lists.berlios.de
>> Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
>>
>> The usual warning, I'm a broken record:
>> there is very little security in open OpenSim grids right now.
>>
>> Daniel Smith wrote:
>>>
>>> Not the best place to go over crypto 101, but for those unfamiliar
>> with
>>> the insecurity of md5("password") by itself, you owe yourself a  
>>> visit
>> to
>>> some place like http://www.md5crack.com/crackmd5.php.  It'll open
>> your
>>> eyes quickly.
>>>
>>> Try "20ee80e63596799a1543bc9fd88d8878"  -- it's ok, just a rabbit.
>> Not
>>> my password.
>>>
>>> The point that others here are making about salt is pretty valid
>>> (incoming IP address + timestamp + username can be a good start).
>>> You'll have to store the salt somewhere, because you'll never get  
>>> the
>>> same one again, and you'll need to add it to the users incoming pw  
>>> to
>>> hash again and compare...
>>>
>>> And +1 to Adam's comment on transmission and storage requirements.
>> Not
>>> addressing security 101 will leave you with a site incapable of
>>> transmitting anything (or much worse..)
>>>
>>> Daniel
>>>
>>> --
>>> Daniel Smith - Sonoma County, California
>>> http://daniel.org/resume
>>>
>>>
>>> ---------------------------------------------------------------------
>> ---
>>>
>>> _______________________________________________
>>> Opensim-dev mailing list
>>> Opensim-dev at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20091017/0cde60e5/attachment-0001.html>

More information about the Opensim-dev mailing list