Planeshift has been using md5sum for a long time (just like most of the internet still does) but as it's well known md5 suffers from collisions and other issues which could even allow to identify the original password (
http://en.wikipedia.org/wiki/Md5#Security ) so we are going to migrate the game server passwords to sha256.
As we cannot just take the md5 and convert them to sha256 we will do a slow migration by having users input again the data so it will be possible to get these new hash to be used for account login.
These are the steps I plan to take in order to proceed on this migration:
1) registration and password recovery functionalities will start recording both md5sum and sha256sum hash in the server database
1.5) Game server will start accepting an additional field during login containing an unsalted sha256sum, around the same time svn clients will start sending these unsalted sha256sum (it's a tradeoff between security and ease. I'll explain more on the bottom). The server will store these unsalted sha256sum in it's database.
2) 0.5.8 release - Release clients will start sending unsalted sha256sum (same thing as 1.5), authentication is still done through the salted md5sum
2.5) The server starts accepting salted sha256sum for authentication, while retaining the previous authentication system when not provided the new data.
3) if there will be a 0.5.9 release clients will stop sending unsalted sha256sum and will start sending only salted ones, additionally md5sum will not be sent anymore. servers will use the sha256sum to authenticate if available else it will behave like with 0.5.8 clients and will store the unsalted sha256sum in it's database, if the client logging in is 0.5.8 or earlier md5sum will be used for autentication
4) 0.6.0 release sha256sum only will be used for autentication. clients earlier than 0.6.0 will be network incompatible (also for other reasons).
5) myplane will start using sha256 for autentication
6) registration of md5sum data will be halted in the registration/password recovery forms
7) the md5sum data will be deleted from the databases
8) migration complete
The risk of unsalted sha256sum is that it allows a man in the middle attack to your client.
In other words someone could listen to your communications between the client and the server and save for future use your sha256sum which is all someone needs to login, even though it's entirely useless to get back the original plain text password. Because of this fact using this easy method to convert password is *NOT* suggested on unsafe networks and an option will be provided in the login dialog to disable it (it will be enabled by default). If you know that your network is unsafe you are warmly suggested to untick this box and use the password recovery form from a safe location to add your sha256sum for the future, If you don't know or you know you are in a safe network you can untick it to increase security after the first login which will send your new password hash to the server (notice that till you don't rewrite your password in the box with a new client it won't be sent).
As an additional note: if your username is not a valid email anymore you are suggested during the migration period to correct this by contacting developers.
Enjoy playing planeshift. If you don't understand something of this please ask.
Currently step 1 is complete.
