[Asterisk-Dev] AES voice encryption for IAX2
James Golovich
james at wwnet.net
Sun Apr 18 09:23:23 MST 2004
On Sun, 18 Apr 2004, Olle E. Johansson wrote:
> Encryption is a big deal, sometimes of the media, sometimes of the
> signalling and sometimes of both.
>
> Encryption of the SIP dialogue is important, considering users
> with SIP INFO dtmf sending bank accounts and pin codes in clear text over the
> internet...
>
This is absolutely true. I'm suprised nobody else commented on my earlier
message saying this.
Let me reiterate. The signalling information is frequently more valuable
to an attacker than the payload.
If someone wants your voicemail password all they need to know is the
voicemail access number and have access to the data stream. Since the
DTMF will be sent out of band (and thus unencrypted), its trivial for an
attacker to access your voicemail.
James
More information about the asterisk-dev
mailing list