[Asterisk-Users] Re: SIP security
Tomislav Parcina
tparcina at lama.hr
Thu Jan 5 06:05:12 MST 2006
In article <1136367661.6516.45.camel at trix.home.tld>, trixter@
0xdecafbad.com says...
> to add to this, given the state of MD5 and its 'security' or lack
> thereof, its a bit over simplistic to just say md5 without adding that
> its actually 3 md5 hashes... Precomputing is harder (but not
> impossible) because of the way its done. The nonce makes it a little
> harder - although the nonce is known even by an attacker ...
To make long story short, SIP can be cracked (like evrything else). It
isn't so simple like sniffing the line because data is encripted. I
don't have to put anything extra in my sip.conf (or any other conf file)
or in my softphone for basic security (md5 encription), because all is
"allready there".
Have I got that right?
--
Tomislav Parcina
name.surname at email.t-com.hr
More information about the asterisk-users
mailing list