[asterisk-dev] A question about the nonce generation and checking
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Jan 23 06:27:48 CST 2008
Isaac Lee schrieb:
> Hi,
>
> I would like to find out more information on how the Asterisk generates
> its nonce and whether it checks the validity of the nonce. Whereabouts
> in the code I can find those information? And is the nonce just a random
> string or it is computed based on some caller related information to
> prevent replay attacks? Thank you
Hi Isaac!
Just take a look at chan_sip.c and search for the term "nonce". then you
will find how the nonce is generated. IIRC it is just a random string
(ast_random())
klaus
More information about the asterisk-dev
mailing list