[asterisk-users] Password to be ecrypted?

Robles Román, José Miguel jmrroman at indra.es
Wed May 4 12:44:54 CDT 2011


> De: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] En nombre de
> Paul Hayes
> Enviado el: miércoles, 04 de mayo de 2011 17:55
> Para: asterisk-users at lists.digium.com
> Asunto: Re: [asterisk-users] Password to be ecrypted?
>
> On 03/05/11 09:09, Robles Román, José Miguel wrote:
> > Perhaps using one-way hash functions
> (http://en.wikipedia.org/wiki/Cryptographic_hash_function)
> like MD5 or SHA-x, even if you get the file with passwords
> and the code that checks them, it would be difficult to find
> a collision (a password that matches the hash). This is the
> way in which apache, for example, stores passwords (see htpasswd).
> >
> > In order to maintain compatibility, the configurarion could be
> >
> > [...}
> > secret_sha2 = ...
> >
> > Regards,
> > José Miguel
>
> I thought this already existed:
>
> http://www.voip-info.org/wiki/view/Asterisk+sip+md5secret
>
> Although I have to admit, I've never tried using it.
>
> cheers,
> Paul.
>

I'm very sorry for the noise I've caused. I should have supposed that that wheel was already invented.

By the way, I like the implementation in iax.conf (auth=md5 ... secret=xxxxx), it seems more flexible, and it enables the use of other hash functions or other security algorithms.

Regards,

José Miguel

Este correo electrónico y, en su caso, cualquier fichero anexo al mismo, contiene información de carácter confidencial exclusivamente dirigida a su destinatario o destinatarios. Si no es vd. el destinatario indicado, queda notificado que la lectura, utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. En el caso de haber recibido este correo electrónico por error, se ruega notificar inmediatamente esta circunstancia mediante reenvío a la dirección electrónica del remitente.
Evite imprimir este mensaje si no es estrictamente necesario.

This email and any file attached to it (when applicable) contain(s) confidential information that is exclusively addressed to its recipient(s). If you are not the indicated recipient, you are informed that reading, using, disseminating and/or copying it without authorisation is forbidden in accordance with the legislation in effect. If you have received this email by mistake, please immediately notify the sender of the situation by resending it to their email address.
Avoid printing this message if it is not absolutely necessary.



More information about the asterisk-users mailing list