<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><span class="Apple-style-span" style="-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><font class="Apple-style-span" face="Monaco" size="3"><span class="Apple-style-span" style="font-size: 12px;">Thank you all, the problem of pass is resolved, so now I need to discover how the UUID of the avatar is generated. Does anyone have any idea how this happens?<br><br>Greetings,</span></font></span></div><div><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><font class="Apple-style-span" size="3"><span class="Apple-style-span" style=""><font class="Apple-style-span" face="Monaco" size="3"><span class="Apple-style-span" style="font-size: 12px;">Márcio Cardoso</span></font><br></span></font><br><br></span>
</div>
<br><div><div>On 2009/10/16, at 19:34, Frisby, Adam wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>Seconded. There are other weak points which could be more easily addressed at the current point in time; but I do expect many of those to finally get ironed out.<br><br>Adam<br><br><blockquote type="cite">-----Original Message-----<br></blockquote><blockquote type="cite">From: <a href="mailto:opensim-dev-bounces@lists.berlios.de">opensim-dev-bounces@lists.berlios.de</a> [mailto:opensim-dev-<br></blockquote><blockquote type="cite">bounces@lists.berlios.de] On Behalf Of <a href="mailto:diva@metaverseink.com">diva@metaverseink.com</a><br></blockquote><blockquote type="cite">Sent: Friday, 16 October 2009 9:22 AM<br></blockquote><blockquote type="cite">To: <a href="mailto:opensim-dev@lists.berlios.de">opensim-dev@lists.berlios.de</a><br></blockquote><blockquote type="cite">Subject: Re: [Opensim-dev] open sim UUID and Passwordhash<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">The usual warning, I'm a broken record:<br></blockquote><blockquote type="cite">there is very little security in open OpenSim grids right now.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Daniel Smith wrote:<br></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Not the best place to go over crypto 101, but for those unfamiliar<br></blockquote></blockquote><blockquote type="cite">with<br></blockquote><blockquote type="cite"><blockquote type="cite">the insecurity of md5("password") by itself, you owe yourself a visit<br></blockquote></blockquote><blockquote type="cite">to<br></blockquote><blockquote type="cite"><blockquote type="cite">some place like <a href="http://www.md5crack.com/crackmd5.php">http://www.md5crack.com/crackmd5.php</a>.  
It'll open<br></blockquote></blockquote><blockquote type="cite">your<br></blockquote><blockquote type="cite"><blockquote type="cite">eyes quickly.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Try "20ee80e63596799a1543bc9fd88d8878"  -- it's ok, just a rabbit.<br></blockquote></blockquote><blockquote type="cite">Not<br></blockquote><blockquote type="cite"><blockquote type="cite">my password.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">The point that others here are making about salt is pretty valid<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">(incoming IP address + timestamp + username can be a good start).<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">You'll have to store the salt somewhere, because you'll never get the<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">same one again, and you'll need to add it to the user's incoming pw to<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">hash again and compare...<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">And +1 to Adam's comment on transmission and storage requirements.<br></blockquote></blockquote><blockquote type="cite">Not<br></blockquote><blockquote type="cite"><blockquote type="cite">addressing security 101 will leave you with a site incapable of<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">transmitting anything (or much worse..)<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Daniel<br></blockquote></blockquote><blockquote 
type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">--<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Daniel Smith - Sonoma County, California<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="http://daniel.org/resume">http://daniel.org/resume</a><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">---------------------------------------------------------------------<br></blockquote></blockquote><blockquote type="cite">---<br></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">_______________________________________________<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Opensim-dev mailing list<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="mailto:Opensim-dev@lists.berlios.de">Opensim-dev@lists.berlios.de</a><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="https://lists.berlios.de/mailman/listinfo/opensim-dev">https://lists.berlios.de/mailman/listinfo/opensim-dev</a><br></blockquote></blockquote></div></blockquote></div><br></body></html>
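<div>Added example, not part of the original thread and not OpenSim's code: the salting point made in the quoted message, sketched in Python. It contrasts unsalted md5("password") with a salted hash whose salt is stored next to it and reused at login. As assumptions of this sketch, the suggested IP address + timestamp + username salt is swapped for a random per-user salt from os.urandom, the single MD5 pass is swapped for PBKDF2-HMAC-SHA256, and the function names, iteration count and sample passwords are constructed for illustration.</div>

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch; tune per deployment

def unsalted_md5(password: str) -> str:
    """The scheme the thread warns about: md5("password") and nothing else."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_lookup_table(wordlist):
    """Precomputed hash -> password map; built once, it applies to every account."""
    return {unsalted_md5(word): word for word in wordlist}

def create_record(password: str) -> dict:
    """Hash a new password with a fresh random salt and store the salt with it."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}

def verify(password: str, record: dict) -> bool:
    """Re-hash the incoming password with the stored salt and compare."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])  # constant-time compare

def demo() -> dict:
    # Constructed sample data: two accounts that happen to share one password.
    table = build_lookup_table(["letmein", "opensim", "avatar123"])
    alice_md5, bob_md5 = unsalted_md5("avatar123"), unsalted_md5("avatar123")
    alice, bob = create_record("avatar123"), create_record("avatar123")
    return {
        "md5_equal": alice_md5 == bob_md5,             # same password, same hash
        "md5_recovered": table.get(alice_md5),         # a single lookup reverses it
        "salted_equal": alice["hash"] == bob["hash"],  # salts differ, so hashes differ
        "salted_in_table": alice["hash"] in table,     # the precomputed table is useless
        "good_login": verify("avatar123", alice),
        "bad_login": verify("letmein", alice),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
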