Hi,<br><br>Essentially, you perform an MD5 over a string, where the string is the output of a concat over username, ":", password.... There may be other fields also, do check them.<br>Quoted from RFC 2617, page 9:<br>
<br><br>"<pre> In this document the string obtained by applying the digest<br> algorithm to the data "data" with secret "secret" will be denoted<br> by KD(secret, data), and the string obtained by applying the<br>
checksum algorithm to the data "data" will be denoted H(data). The<br> notation unq(X) means the value of the quoted-string X without the<br> surrounding quotes.<br><br> For the "MD5" and "MD5-sess" algorithms<br>
<br> H(data) = MD5(data)<br><br> and<br><br> KD(secret, data) = H(concat(secret, ":", data))<br><br> i.e., the digest is the MD5 of the secret concatenated with a colon<br> concatenated with the data. The "MD5-sess" algorithm is intended to<br>
allow efficient 3rd party authentication servers; for the<br> difference in usage,</pre>"<br><br>Best regards,<br>ashutosh nextstag<br><div class="gmail_quote">On Sat, Mar 1, 2008 at 9:02 AM, Raj Jain <<a href="mailto:rj2807@gmail.com">rj2807@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">SIP uses the same authentication mechanism as HTTP digest. The<br>
response is computed using some sort of hashing algorithm (e.g. MD5).<br>
RFC 2617 has the details on this: <a href="http://www.ietf.org/rfc/rfc2617.txt" target="_blank">http://www.ietf.org/rfc/rfc2617.txt</a><br>
<div><div></div><div class="Wj3C7c"><br>
<br>
On Sat, Mar 1, 2008 at 8:46 AM, sipResearcher <<a href="mailto:sipmailing@yahoo.com">sipmailing@yahoo.com</a>> wrote:<br>
> Hi,<br>
><br>
> I have a simple question about SIP messaging. When a SIP client wants to<br>
> register to a SIP registrar (for example asterisk), it sends a REGISTER<br>
> message and receives an Unauthorized message with a nonce value and it<br>
> calculates a challenge response using username, password and this nonce<br>
> value. I looked up the RFC about the registration process but I couldn't<br>
> understand how it computes this response value.<br>
><br>
> What is the formula for this calculation? Which parameters does it use<br>
> exactly?<br>
><br>
</div></div>> _______________________________________________<br>
> --Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--" target="_blank">http://www.api-digital.com--</a><br>
><br>
> asterisk-security mailing list<br>
> To UNSUBSCRIBE or update options visit:<br>
> <a href="http://lists.digium.com/mailman/listinfo/asterisk-security" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-security</a><br>
><br>
<br>
<br>
<br>
--<br>
Raj Jain<br>
<br>
mailto:<a href="mailto:rj2807">rj2807</a> at gmail dot com<br>
sip:rjain at iptel dot org<br>
<br>
</blockquote></div><br>