[asterisk-dev] A question about the nonce generation and checking

Klaus Darilion klaus.mailinglists at pernau.at
Wed Jan 23 06:27:48 CST 2008

Isaac Lee schrieb:
> Hi,
> I would like to find out more information on how the Asterisk generates 
> its nonce and whether it checks the validity of the nonce. Whereabouts 
> in the code I can find those information? And is the nonce just a random 
> string or it is computed based on some caller related information to 
> prevent replay attacks? Thank you

Hi Isaac!

Just take a look at chan_sip.c and search for the term "nonce". then you 
will find how the nonce is generated. IIRC it is just a random string 


More information about the asterisk-dev mailing list