[Asterisk-Security] How does native IAX encryption work?
steve szmidt
asterisk-security at szmidt.org
Mon Jan 24 17:55:11 CST 2005
On Sunday 23 January 2005 22:27, steve szmidt wrote:
> On Sunday 23 January 2005 09:02 pm, Brian Capouch wrote:
> > I have seen plenty of evidence in the -cvs list and various posts in the
> > bugtracker that there is now, at least on an experimental basis, support
> > for native IAX encryption included in the CVS-HEAD versions. There's
> > even an "encryption" parameter in iax.conf.
> >
> > I have yet to see any explanation as to how it works--surely there must
> > be a key exchange of some sort?
> >
> > Anyways, I'm hoping someone here knows the scene.
>
> Let's check with -dev and see what they say...
I got this back from Mark (while he's in the air at 30,000 ft):
Instead of using the md5sum of the challenge + password being
sent back for the authentication, it is used as an AES key. 16 bytes of
random data are prepended (staring with random data, continuing with the
last 16 bytes of the previous packet).
--
Steve Szmidt
More information about the Asterisk-Security
mailing list