[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
Igor Hernandez
emistz at gmail.com
Wed Aug 20 16:54:26 CDT 2008
Hey Eric,
That I really have no experience with. Never really played with security
modules. Although someone more experienced should be able to chime in.
Eric Chamberlain wrote:
> On Aug 20, 2008, at 12:34 PM, Igor Hernandez wrote:
>
>> Hey SIP,
>>
>> I understand what you're saying but keeping the key in memory
>> permanently doesn't protect you for very long, it just makes the
>> attacker waste a bit more time scanning the memory to get at the key.
>>
>> In other words, if the key is available to asterisk it will be
>> available
>> to anyone else in the system with sufficient privileges.
>>
>
> Assume I'm using a FIPS 140-2 Level 4 HSM, now, how can I protect my
> passwords when they are in the database?
>
> --
> Eric Chamberlain
> Founder
> RF.com
> http://RF.com/
>
>
>
>
>
>
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
Igor Hernandez
Escape Communications
http://www.escapetel.com
More information about the asterisk-users
mailing list