Second Life passwords may contain UTF8 characters, but logging in on a OpenMetaverse based client using UTF8 chars in password = FAIL

Description

The grid definitely allows UTF8 chars to be used in passwords. The only restriction is: 6 - 16 chars and no spaces.
In other words, characters like !"§$%&/()= are fine. Reason: Stronger passwords possible.
Attempting to login using the testclient or my own software, produces a login error.

The methods used to create an MD5 Hash of the password are found in OpenMetaVerse.Utilities > Utilities.cs

public static string MD5(string password)
{
StringBuilder digest = new StringBuilder(32);
byte[] hash = MD5(ASCIIEncoding.Default.GetBytes(password));

// Convert the hash to a hex string
foreach (byte b in hash)
digest.AppendFormat(Utils.EnUsCulture, "{0:x2}", b);
return "$1$" + digest.ToString();
}

AND

public static string MD5String(string value)
{
StringBuilder digest = new StringBuilder(32);
byte[] hash = MD5(Encoding.UTF8.GetBytes(value));

// Convert the hash to a hex string
foreach (byte b in hash)
digest.AppendFormat(Utils.EnUsCulture, "{0:x2}", b);

return digest.ToString();
}

Note that the default method used to create an MD5 Hash of the password is the first one, MD5(string password), and that it uses ASCIIEncoding = FAIL.
Note also that method #2, MD5String(string value), does not prepend "$1$" to the return value.
I have prepended the output of MD5String(string value) with "$1$" and voila ! Login works.

I am pretty sure that many people have stumbled over this already.....
I may of course be mistaken.

Steps to Reproduce

Use a test account and change the password so that it contains characters such as !"§$%&/() .... take your pick.

Assignee

Unassigned

Reporter

Pixel

Severity

Medium

Environment

All

Fixed in Revision

None

Components

Affects versions

Priority

Major
Configure