[Asterisk-Users] Re: SIP security
trixter aka Bret McDanel
trixter at 0xdecafbad.com
Thu Jan 5 07:08:49 MST 2006
On Thu, 2006-01-05 at 14:05 +0100, Tomislav Parcina wrote:
> In article <1136367661.6516.45.camel at trix.home.tld>, trixter@
> 0xdecafbad.com says...
> > to add to this, given the state of MD5 and its 'security' or lack
> > thereof, its a bit over simplistic to just say md5 without adding that
> > its actually 3 md5 hashes... Precomputing is harder (but not
> > impossible) because of the way its done. The nonce makes it a little
> > harder - although the nonce is known even by an attacker ...
>
> To make long story short, SIP can be cracked (like evrything else). It
> isn't so simple like sniffing the line because data is encripted. I
> don't have to put anything extra in my sip.conf (or any other conf file)
> or in my softphone for basic security (md5 encription), because all is
> "allready there".
>
> Have I got that right?
>
>
Yeah pretty much. While SIP can be cracked I would like to emphaise
that the benfit to 'work' ratio is such that its not likely that osmeone
would even try anything more than a simple dictionary attack so choosing
good passwords helps a lot in this regard.
--
Trixter http://www.0xdecafbad.com Bret McDanel
UK +44 870 340 4605 Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
http://www.sacaug.org/ Sacramento Asterisk Users Group
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20060105/b7b43c4d/attachment.pgp
More information about the asterisk-users
mailing list