[Opensim-dev] open sim UUID and Passwordhash
Melanie
melanie at t-data.com
Sat Oct 17 20:21:15 UTC 2009
It is a random (Type 4) GUID.
Melanie
Márcio Cardoso wrote:
> Thank you all, the problem of pass is resolved, so now I need to
> discover how the uuid of the avatar is generated . anyone have any
> idea how this happens?
>
> Greetings,
> Márcio Cardoso
>
>
>
> A 2009/10/16, às 19:34, Frisby, Adam escreveu:
>
>> Seconded. There are other weak points which could be more easily
>> addressed at the current point in time; but I do expect many of
>> those to finally get ironed out.
>>
>> Adam
>>
>>> -----Original Message-----
>>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>>> bounces at lists.berlios.de] On Behalf Of diva at metaverseink.com
>>> Sent: Friday, 16 October 2009 9:22 AM
>>> To: opensim-dev at lists.berlios.de
>>> Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
>>>
>>> The usual warning, I'm a broken record:
>>> there is very little security in open OpenSim grids right now.
>>>
>>> Daniel Smith wrote:
>>>>
>>>> Not the best place to go over crypto 101, but for those unfamiliar
>>> with
>>>> the insecurity of md5("password") by itself, you owe yourself a
>>>> visit
>>> to
>>>> some place like http://www.md5crack.com/crackmd5.php. It'll open
>>> your
>>>> eyes quickly.
>>>>
>>>> Try "20ee80e63596799a1543bc9fd88d8878" -- it's ok, just a rabbit.
>>> Not
>>>> my password.
>>>>
>>>> The point that others here are making about salt is pretty valid
>>>> (incoming IP address + timestamp + username can be a good start).
>>>> You'll have to store the salt somewhere, because you'll never get
>>>> the
>>>> same one again, and you'll need to add it to the users incoming pw
>>>> to
>>>> hash again and compare...
>>>>
>>>> And +1 to Adam's comment on transmission and storage requirements.
>>> Not
>>>> addressing security 101 will leave you with a site incapable of
>>>> transmitting anything (or much worse..)
>>>>
>>>> Daniel
>>>>
>>>> --
>>>> Daniel Smith - Sonoma County, California
>>>> http://daniel.org/resume
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>> ---
>>>>
>>>> _______________________________________________
>>>> Opensim-dev mailing list
>>>> Opensim-dev at lists.berlios.de
>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>> _______________________________________________
>>> Opensim-dev mailing list
>>> Opensim-dev at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
More information about the Opensim-dev
mailing list