[asterisk-dev] [Code Review] SIP authentication support

Hans Witvliet asterisk at a-domani.nl
Sat Feb 9 11:18:59 CST 2013


-----Original Message-----
From: Olle E Johanson <oej at edvina.net>
Reply-to: Asterisk Developers Mailing List
<asterisk-dev at lists.digium.com>
To: Asterisk Developers Mailing List <asterisk-dev at lists.digium.com>
Cc: Olle E Johanson <oej at edvina.net>
Subject: Re: [asterisk-dev] [Code Review] SIP authentication support
Date: Fri, 8 Feb 2013 16:52:34 +0100

On 8 Feb 2013, at 16:01, Mark Michelson <mmichelson at digium.com> wrote:

> On 02/08/2013 12:58 AM, Olle E. Johansson wrote:
>> On the topic of authentication:

[snip]

Another issue:

An old Asterisk user, Kapejod, did some tests the other day. It took just a few minutes to brute-force a four character password with MD5.

I think we should be among the first to migrate to SHA256 auth, so please code in a way that you can select algorithm or force one.

Also think about using TLS client certs for auth, especially on trunks to other SIP servers.

/O
--
_____________________________________________________________________

Perhaps a long shot, but why can't Asterisk use the authentication
methods already existing on systems?
Something like pam_asterisk?
If possible, you could use anything (pwd, ldap, kerberos, pkcs11, ...)

Or do I over-simplify things...

hw
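
The request in the quoted message (select the digest algorithm, or force one) as an added example; it is not Asterisk code and not from either poster. The names `verify`, `allowed` and `sample_params` and all sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Digest "algorithm" tokens mapped to hashlib constructors (RFC 7616 names).
ALGORITHMS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}


def _h(algorithm, text):
    return ALGORITHMS[algorithm](text.encode("utf-8")).hexdigest()


def digest_response(algorithm, user, realm, password, method, uri,
                    nonce, nc=None, cnonce=None, qop=None):
    """Compute the digest response with the chosen hash algorithm."""
    ha1 = _h(algorithm, f"{user}:{realm}:{password}")
    ha2 = _h(algorithm, f"{method}:{uri}")
    if qop == "auth":
        return _h(algorithm, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _h(algorithm, f"{ha1}:{nonce}:{ha2}")  # legacy form without qop


def verify(params, method, password, allowed=("SHA-256",)):
    """Check parsed Authorization fields against the server's policy.

    `allowed` is a hypothetical policy knob: one entry forces an algorithm,
    several entries let the client select among them.
    """
    # An absent algorithm parameter means MD5, so it must pass the policy too.
    algorithm = params.get("algorithm", "MD5")
    if algorithm not in allowed or algorithm not in ALGORITHMS:
        return False  # refuse a hash the policy excludes (no silent downgrade)
    # The server needs the password (or a stored HA1) to recompute the value.
    expected = digest_response(
        algorithm, params["username"], params["realm"], password, method,
        params["uri"], params["nonce"], params.get("nc"),
        params.get("cnonce"), params.get("qop"))
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected.encode(),
                               params.get("response", "").encode())


def sample_params(algorithm, password):
    """Constructed client header fields for a REGISTER (not from the thread)."""
    p = {"username": "alice", "realm": "example.invalid",
         "uri": "sip:example.invalid", "nonce": "constructed-nonce",
         "nc": "00000001", "cnonce": "constructed-cnonce", "qop": "auth",
         "algorithm": algorithm}
    p["response"] = digest_response(algorithm, p["username"], p["realm"],
                                    password, "REGISTER", p["uri"],
                                    p["nonce"], p["nc"], p["cnonce"], p["qop"])
    return p
```

With the default policy only SHA-256 responses are accepted; passing `allowed=("MD5", "SHA-256")` restores MD5 for peers that cannot do better.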
