[asterisk-dev] SIP authentication with SHA
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sat Feb 11 05:07:34 MST 2006
On Fri, Feb 10, 2006 at 02:56:59PM +0100, Michael Prochaska wrote:
> Olle E. Johansson wrote:
> >...write an RFC :-)
> >
>
> I don't think that this is necessary :-)
>
> >The MD5 is in the SIP RFC, and I've never seen anyone using SHA.
>
> No, MD5 is NOT in the SIP RFC. HTTP digest authentication is not
> automatically MD5,
>
> and in the HTTP digest RFC there is MD5 as an example, but SHA could also be
> used.
>
> I think if Asterisk would support HTTP digest with SHA it would be easy
> to extend the UAs to support it too.
If SHA1 is practically not in use, then what you suggest is a new
extension. If so: why SHA1 and not a different digest algorithm?
See, e.g.
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
--
Tzafrir Cohen icq#16849755 +972-50-7952406
tzafrir.cohen at xorcom.com http://www.xorcom.com