[asterisk-dev] A question about the nonce generation and checking

Johansson Olle E oej at edvina.net
Wed Jan 23 04:42:59 CST 2008


23 jan 2008 kl. 11.07 skrev Isaac Lee:

> Hi,
>
> I would like to find out more information on how the Asterisk  
> generates
> its nonce and whether it checks the validity of the nonce. Whereabouts
> in the code I can find those information? And is the nonce just a  
> random
> string or it is computed based on some caller related information to
> prevent replay attacks? Thank you

What part of ASterisk are you talking about? We have digest auth
in many places.

/O



More information about the asterisk-dev mailing list