[Opensim-dev] seamless migration of password hash & salt from md5 to sha-512

SignpostMarv Martin me at signpostmarv.name
Sun Jun 10 22:33:00 UTC 2012 

I should also clarify that I'm not expecting this to be merged in, I 
just wanted to test & demonstrate if it was technically possible to 
seamlessly migrate from one algorithm to another without maintaining two 
tables.

~ Marv.

On 10/06/2012 11:32, Gudule Lapointe wrote:
> Not only does this force to change all third party modules using 
> authentication (for this, changing the hash method should be an 
> option, not an arbitrary change)
>
> This also means the update process is not immediate, it relies on 
> every single user login via OpenSim.
> It could take months before all the passwords are 
> updated. Practically, they won't ever, probably.
> In the meantime, the authentication via third party module will be 
> broken for a part of the users (the ones already updated, or the other 
> ones, depending of the web module being patched or not).
>
>
> --
> http://www.speculoos.net/
> secondlife://speculoos.net:8002/
> Speculoos, the belgian cookie-flavored metaverse
>
> Le 10 juin 2012 à 07:15, SignpostMarv Martin a écrit :
>
>> clarification; I missed out the phrase "the patch simply checks when 
>> authentication occurs"
>>
>> On 10/06/2012 05:52, SignpostMarv Martin wrote:
>>> Earlier I decided to see if it was feasible to seamlessly migrate 
>>> the password hash & salt from md5 to sha-512- turns out it is :D
>>>
>>> By seamless I mean the grid operator needs take no action- the patch 
>>> simply checks if the salt in the db is of length 32 &uses md5 
>>> checking if it is, sha-512 if it isn't; if it is md5 and the 
>>> submitted password is valid, the stored hash & salt are updated with 
>>> new sha-512 values.
>>>
>>> As mentioned on the mantis ( 
>>> http://opensimulator.org/mantis/view.php?id=6046 ), any third-party 
>>> software which directly reads the database would need to be updated 
>>> to do similar salt length checks.
>>>
>>> Additionally, the provided patch is incomplete as I'm unsure of the 
>>> migration syntax for MSSQL/SQLite.
>>>
>>>
>>> ~ Marv.
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20120610/b98a4df5/attachment-0001.html>

More information about the Opensim-dev mailing list