[Opensim-dev] seamless migration of password hash & salt from md5 to sha-512
SignpostMarv Martin
opensim at signpostmarv.name
Sun Jun 10 04:52:16 UTC 2012
Earlier I decided to see if it was feasible to seamlessly migrate the
password hash & salt from md5 to sha-512- turns out it is :D
By seamless I mean the grid operator needs take no action- the patch
simply checks if the salt in the db is of length 32 &uses md5 checking
if it is, sha-512 if it isn't; if it is md5 and the submitted password
is valid, the stored hash & salt are updated with new sha-512 values.
As mentioned on the mantis (
http://opensimulator.org/mantis/view.php?id=6046 ), any third-party
software which directly reads the database would need to be updated to
do similar salt length checks.
Additionally, the provided patch is incomplete as I'm unsure of the
migration syntax for MSSQL/SQLite.
~ Marv.
More information about the Opensim-dev
mailing list