[Asterisk-Users] Re: SIP security

trixter aka Bret McDanel trixter at 0xdecafbad.com
Thu Jan 5 07:08:49 MST 2006


On Thu, 2006-01-05 at 14:05 +0100, Tomislav Parcina wrote:
> In article <1136367661.6516.45.camel at trix.home.tld>, trixter@
> 0xdecafbad.com says...
> > to add to this, given the state of MD5 and its 'security' or lack
> > thereof, it's a bit over simplistic to just say md5 without adding that
> > it's actually 3 md5 hashes...   Precomputing is harder (but not
> > impossible) because of the way it's done.  The nonce makes it a little
> > harder - although the nonce is known even by an attacker ...
> 
> To make a long story short, SIP can be cracked (like everything else). It 
> isn't as simple as sniffing the line because data is encrypted. I 
> don't have to put anything extra in my sip.conf (or any other conf file) 
> or in my softphone for basic security (md5 encryption), because all is 
> "already there".
> 
> Have I got that right?
> 
> 

Yeah, pretty much.  While SIP can be cracked, I would like to emphasize
that the benefit to 'work' ratio is such that it's not likely that someone
would even try anything more than a simple dictionary attack, so choosing
good passwords helps a lot in this regard.


-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
UK +44 870 340 4605   Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
http://www.sacaug.org/ Sacramento Asterisk Users Group
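
The scheme discussed in this thread, as an added example that is not part of the original messages: the three MD5 hashes of an RFC 2617 digest response computed without qop, the server-side check, and an audit of your own account secrets against a wordlist. The realm, URI, nonce, extensions, passwords and wordlist are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce):
    """RFC 2617 digest response without qop: three MD5 hashes."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # 1: the only secret input
    ha2 = md5_hex(f"{method}:{uri}")                 # 2: public request data
    return md5_hex(f"{ha1}:{nonce}:{ha2}")           # 3: value sent on the wire

def client_authorization(username, realm, password, method, uri, nonce):
    """Fields a phone puts in its Authorization header; the password is not one of them."""
    return {"username": username, "realm": realm, "uri": uri, "nonce": nonce,
            "response": digest_response(username, realm, password, method, uri, nonce)}

def server_accepts(stored_secret, auth, method):
    """Recompute the response from the stored secret and compare in constant time."""
    expected = digest_response(auth["username"], auth["realm"], stored_secret,
                               method, auth["uri"], auth["nonce"])
    return hmac.compare_digest(expected, auth["response"])

def secret_survives_wordlist(auth, method, wordlist):
    """Audit of your own account: False if a wordlist entry reproduces the response.

    Every input except the password is visible in the header, so password
    strength is the only thing that makes this check come back True.
    """
    return not any(server_accepts(word, auth, method) for word in wordlist)

# Constructed sample values (assumptions, not taken from the thread)
REALM, URI, NONCE = "asterisk", "sip:pbx.example.com", "3a9f51c27e"
WORDLIST = ["1234", "password", "1001", "asterisk", "letmein"]
WEAK = client_authorization("1001", REALM, "letmein", "REGISTER", URI, NONCE)
STRONG = client_authorization("1002", REALM, "q7V-rX2m.Lw9_tE4", "REGISTER", URI, NONCE)

if __name__ == "__main__":
    print("1001 survives wordlist:", secret_survives_wordlist(WEAK, "REGISTER", WORDLIST))
    print("1002 survives wordlist:", secret_survives_wordlist(STRONG, "REGISTER", WORDLIST))
```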