[Opensim-dev] seamless migration of password hash & salt from md5 to sha-512
SignpostMarv Martin
opensim at signpostmarv.name
Sun Jun 10 05:15:24 UTC 2012
clarification; I missed out the phrase "the patch simply checks when
authentication occurs"
On 10/06/2012 05:52, SignpostMarv Martin wrote:
> Earlier I decided to see if it was feasible to seamlessly migrate the
> password hash & salt from md5 to sha-512- turns out it is :D
>
> By seamless I mean the grid operator needs take no action- the patch
> simply checks if the salt in the db is of length 32 &uses md5 checking
> if it is, sha-512 if it isn't; if it is md5 and the submitted password
> is valid, the stored hash & salt are updated with new sha-512 values.
>
> As mentioned on the mantis (
> http://opensimulator.org/mantis/view.php?id=6046 ), any third-party
> software which directly reads the database would need to be updated to
> do similar salt length checks.
>
> Additionally, the provided patch is incomplete as I'm unsure of the
> migration syntax for MSSQL/SQLite.
>
>
> ~ Marv.
More information about the Opensim-dev
mailing list