[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
Eric Chamberlain
eric at rf.com
Wed Aug 20 16:23:48 CDT 2008
On Aug 20, 2008, at 12:34 PM, Igor Hernandez wrote:
> Hey SIP,
>
> I understand what you're saying but keeping the key in memory
> permanently doesn't protect you for very long, it just makes the
> attacker waste a bit more time scanning the memory to get at the key.
>
> In other words, if the key is available to asterisk it will be
> available
> to anyone else in the system with sufficient privileges.
>
Assume I'm using a FIPS 140-2 Level 4 HSM, now, how can I protect my
passwords when they are in the database?
--
Eric Chamberlain
Founder
RF.com
http://RF.com/
More information about the asterisk-users
mailing list