[Opensim-dev] open sim UUID and Passwordhash
Rich White
rich.lynn.white at gmail.com
Sat Oct 17 21:34:58 UTC 2009
Here is the MySQL UUID function:
http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_uuid
===
2009/10/17 Márcio Cardoso <marciomaiden at gmail.com>:
> Thank you all, the problem of pass is resolved, so now I need to discover
> how the uuid of the avatar is generated . anyone have any idea how this
> happens?
>
> Greetings,
> Márcio Cardoso
>
>
>
> A 2009/10/16, às 19:34, Frisby, Adam escreveu:
>
> Seconded. There are other weak points which could be more easily addressed
> at the current point in time; but I do expect many of those to finally get
> ironed out.
>
> Adam
>
> -----Original Message-----
>
> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>
> bounces at lists.berlios.de] On Behalf Of diva at metaverseink.com
>
> Sent: Friday, 16 October 2009 9:22 AM
>
> To: opensim-dev at lists.berlios.de
>
> Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
>
> The usual warning, I'm a broken record:
>
> there is very little security in open OpenSim grids right now.
>
> Daniel Smith wrote:
>
> Not the best place to go over crypto 101, but for those unfamiliar
>
> with
>
> the insecurity of md5("password") by itself, you owe yourself a visit
>
> to
>
> some place like http://www.md5crack.com/crackmd5.php. It'll open
>
> your
>
> eyes quickly.
>
> Try "20ee80e63596799a1543bc9fd88d8878" -- it's ok, just a rabbit.
>
> Not
>
> my password.
>
> The point that others here are making about salt is pretty valid
>
> (incoming IP address + timestamp + username can be a good start).
>
> You'll have to store the salt somewhere, because you'll never get the
>
> same one again, and you'll need to add it to the users incoming pw to
>
> hash again and compare...
>
> And +1 to Adam's comment on transmission and storage requirements.
>
> Not
>
> addressing security 101 will leave you with a site incapable of
>
> transmitting anything (or much worse..)
>
> Daniel
>
> --
>
> Daniel Smith - Sonoma County, California
>
> http://daniel.org/resume
>
>
> ---------------------------------------------------------------------
>
> ---
>
> _______________________________________________
>
> Opensim-dev mailing list
>
> Opensim-dev at lists.berlios.de
>
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
> _______________________________________________
>
> Opensim-dev mailing list
>
> Opensim-dev at lists.berlios.de
>
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
More information about the Opensim-dev
mailing list