[Asterisk-Users] no plain text passwords in iax.conf

Adam Hart adam at teragen.com.au
Mon Nov 29 20:11:58 MST 2004


Bastian Schern wrote:

> Adam Hart schrieb:
> 
>> Bastian Schern wrote:
>>
>>> Adam Hart schrieb:
>>>
>>>> Bastian Schern wrote:
>>>>
>>>>> Hello Asterisk friends,
>>>>>
>>>>> is it possible to avoid plain text passwords in the iax.conf or the 
>>>>> iaxfriends MySQL database table?
>>>>>
>>>>
>>>> Asterisk needs the plain text password to authenicate. You could 
>>>> wrap a base64 decode when reading the passwords, but this is 
>>>> obsecurity, yet simple to implement & should prevent the casual 
>>>> browser. I guess a more secure method would public key crypto and 
>>>> give asterisk the key at runtime (obviously not 100% secure either)
>>>
>>>
>>>
>>>
>>> I found out that MySQL offers some methods to store strong passwords: 
>>> http://www.voip-info.org/wiki-Asterisk+sip+mysql+peers
>>>
>>> But how I use this with Asterisk?
>>>
>>
>> That's using private key crypto, when you store the password you do 
>> aes_encode(password,"somekey") then when asterisk reads it, do a 
>> aes_decode(password,"somekey") - modify chan_iax2 when you do the 
>> select  - change the SQL statement: the column 'secret' to 
>> 'aes_decode(secret,"somekey") as real_secret' then below change secret 
>> to real_secret.
>>
> 
> What is about the field md5secret similar to sip.conf?
> Is that not a solution for iax.conf?
> 

(To the best of my knowledge) sip does md5 authenication differently and 
doesn't require the actual password, just the md5 of it (and user & 
domain). Iax requires it to md5 with the challenge.

-Adam



More information about the asterisk-users mailing list