[Asterisk-Users] no plain text passwords in iax.conf
Adam Hart
adam at teragen.com.au
Mon Nov 29 20:11:58 MST 2004
Bastian Schern wrote:
> Adam Hart wrote:
>
>> Bastian Schern wrote:
>>
>>> Adam Hart wrote:
>>>
>>>> Bastian Schern wrote:
>>>>
>>>>> Hello Asterisk friends,
>>>>>
>>>>> is it possible to avoid plain text passwords in the iax.conf or the
>>>>> iaxfriends MySQL database table?
>>>>>
>>>>
>>>> Asterisk needs the plain text password to authenticate. You could
>>>> wrap a base64 decode when reading the passwords, but this is
>>>> obscurity, yet simple to implement & should prevent the casual
>>>> browser. I guess a more secure method would be public key crypto and
>>>> give asterisk the key at runtime (obviously not 100% secure either)
>>>
>>>
>>>
>>>
>>> I found out that MySQL offers some methods to store strong passwords:
>>> http://www.voip-info.org/wiki-Asterisk+sip+mysql+peers
>>>
>>> But how do I use this with Asterisk?
>>>
>>
>> That's using private key crypto, when you store the password you do
>> aes_encode(password,"somekey") then when asterisk reads it, do a
>> aes_decode(password,"somekey") - modify chan_iax2 when you do the
>> select - change the SQL statement: the column 'secret' to
>> 'aes_decode(secret,"somekey") as real_secret' then below change secret
>> to real_secret.
>>
>
> What about the field md5secret, similar to sip.conf?
> Is that not a solution for iax.conf?
>
(To the best of my knowledge) sip does md5 authentication differently and
doesn't require the actual password, just the md5 of it (and user &
domain). Iax requires it to md5 with the challenge.
-Adam
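
Added example (not part of the original thread, and not Asterisk code): a sketch of the difference described in the last reply, assuming SIP digest as in RFC 2617 without qop and the IAX2 MD5 result as in RFC 5456 (digest over the challenge followed by the secret). All function names and sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()


# SIP digest: the password only enters through HA1 = MD5(user:realm:password),
# so the server can store HA1 (what md5secret holds) instead of the password.
def sip_ha1(user: str, realm: str, password: str) -> str:
    return md5_hex(f"{user}:{realm}:{password}")


def sip_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def sip_server_verify(stored_ha1, nonce, method, uri, response) -> bool:
    expected = sip_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response)


# IAX2 MD5: the digest is taken over challenge + secret in one pass, so the
# server has to feed the plain text secret into MD5 for every new challenge.
def iax_md5_response(challenge: str, secret: str) -> str:
    return md5_hex(challenge + secret)


def iax_server_verify(stored_secret, challenge, response) -> bool:
    expected = iax_md5_response(challenge, stored_secret)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    user, realm, password = "alice", "asterisk", "s3cret"
    nonce, challenge = "4f2a9c1e", "137924605"

    # SIP: the server holds only HA1 and still verifies the client.
    ha1 = sip_ha1(user, realm, password)
    resp = sip_response(ha1, nonce, "REGISTER", "sip:pbx.example.invalid")
    print("SIP, stored HA1:",
          sip_server_verify(ha1, nonce, "REGISTER",
                            "sip:pbx.example.invalid", resp))

    # IAX2: verification works with the plain text secret only.
    iax_resp = iax_md5_response(challenge, password)
    print("IAX2, stored plain text:",
          iax_server_verify(password, challenge, iax_resp))
    print("IAX2, stored MD5(secret):",
          iax_server_verify(md5_hex(password), challenge, iax_resp))
```

The stored HA1 is still a password equivalent for that user and realm, so the database column needs the same access control as a plain text secret would.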