[asterisk-users] Hide the plain text password
Hans Witvliet
hwit at a-domani.nl
Tue Feb 15 16:51:26 CST 2011
On Tue, 2011-02-15 at 07:18 -0500, Richard Kenner wrote:
> > Anyway, the answer is: No, it's mathematically impossible to do
> > that. Even if the passwords were stored encrypted, Asterisk itself
> > has to be able to get the plaintext passwords to send to the remote
> > server; so the code to decrypt them must necessarily be located on
> > the machine. And the Source Code to Asterisk is readily available,
> > which is how come you were able to benefit from it, so it would be
> > trivial to extract the passwords in any case.
>
> But there IS a way to improve things, and it's what Cisco routers do.
> You can have all password stored in config file encrypted with a
> single master key. That key is stored in a special file, containing
> just that key. THAT file must then be heavily-protected, but all
> OTHER config files can now be placed into CM or anywhere else they
> might be needed.
>
>
> --
sounds like asymetric cryptography ....
More information about the asterisk-users
mailing list