[asterisk-users] Encrypted password for voicemail
jezzzz .
jezonthenet at yahoo.com
Mon Nov 27 18:12:19 MST 2006
Thanks for the response Tzafrir. I meant
voicemail.conf for the passwords of course - my
mistake. Trying to ensure that if voicemail.conf is
opened by an attacker that all the passwords are not
readily available. By hashing them or encrypting them
in a DB it's going to be much harder for an attacker
to obtain access to the passwords.
The only way to encrypt the sending of passwords to
the voicemail is by using SIP-TLS? (which is not yet
in production stage?).
Thanks
Jez
--- Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:
> On Fri, Nov 24, 2006 at 06:15:12AM -0800, jezzzz .
> wrote:
> > Hello all,
> >
> > I was wondering whether the only way to store the
> > passwords for the voicemail is in extensions.conf.
>
>
> voicemail.conf ?
>
> > Is
> > it perhaps possible to store it (encrypted) in a
> DB or
> > store the hash of the password (as is standard in
> > unix) in the extensions.conf file?
>
> Storing an encrypted DB? Encrypted in what way? What
> exactly do you want
> to defend against?
>
> >
> > Finally, it does not seem to me that the password
> the
> > user enters to obtain his voicemail is encrypted
> > between the user and Asterisk. Is this correct?
>
> Basically, not.
>
> --
> Tzafrir Cohen
____________________________________________________________________________________
Cheap talk?
Check out Yahoo! Messenger's low PC-to-Phone call rates.
http://voice.yahoo.com
More information about the asterisk-users
mailing list