[Opensim-dev] open sim UUID and Passwordhash
Márcio Cardoso
marciomaiden at gmail.com
Sat Oct 17 20:41:08 UTC 2009
do you now how i create the uuid in mysql?
Cumprimentos,
Márcio Cardoso
A 2009/10/17, às 21:21, Melanie escreveu:
> It is a random (Type 4) GUID.
>
> Melanie
>
> Márcio Cardoso wrote:
>> Thank you all, the problem of pass is resolved, so now I need to
>> discover how the uuid of the avatar is generated . anyone have any
>> idea how this happens?
>>
>> Greetings,
>> Márcio Cardoso
>>
>>
>>
>> A 2009/10/16, às 19:34, Frisby, Adam escreveu:
>>
>>> Seconded. There are other weak points which could be more easily
>>> addressed at the current point in time; but I do expect many of
>>> those to finally get ironed out.
>>>
>>> Adam
>>>
>>>> -----Original Message-----
>>>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>>>> bounces at lists.berlios.de] On Behalf Of diva at metaverseink.com
>>>> Sent: Friday, 16 October 2009 9:22 AM
>>>> To: opensim-dev at lists.berlios.de
>>>> Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
>>>>
>>>> The usual warning, I'm a broken record:
>>>> there is very little security in open OpenSim grids right now.
>>>>
>>>> Daniel Smith wrote:
>>>>>
>>>>> Not the best place to go over crypto 101, but for those unfamiliar
>>>> with
>>>>> the insecurity of md5("password") by itself, you owe yourself a
>>>>> visit
>>>> to
>>>>> some place like http://www.md5crack.com/crackmd5.php. It'll open
>>>> your
>>>>> eyes quickly.
>>>>>
>>>>> Try "20ee80e63596799a1543bc9fd88d8878" -- it's ok, just a rabbit.
>>>> Not
>>>>> my password.
>>>>>
>>>>> The point that others here are making about salt is pretty valid
>>>>> (incoming IP address + timestamp + username can be a good start).
>>>>> You'll have to store the salt somewhere, because you'll never get
>>>>> the
>>>>> same one again, and you'll need to add it to the users incoming pw
>>>>> to
>>>>> hash again and compare...
>>>>>
>>>>> And +1 to Adam's comment on transmission and storage requirements.
>>>> Not
>>>>> addressing security 101 will leave you with a site incapable of
>>>>> transmitting anything (or much worse..)
>>>>>
>>>>> Daniel
>>>>>
>>>>> --
>>>>> Daniel Smith - Sonoma County, California
>>>>> http://daniel.org/resume
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>> ---
>>>>>
>>>>> _______________________________________________
>>>>> Opensim-dev mailing list
>>>>> Opensim-dev at lists.berlios.de
>>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>>> _______________________________________________
>>>> Opensim-dev mailing list
>>>> Opensim-dev at lists.berlios.de
>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>> _______________________________________________
>>> Opensim-dev mailing list
>>> Opensim-dev at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20091017/85c84eb0/attachment-0001.html>
More information about the Opensim-dev
mailing list