[asterisk-users] Asterisk encrypted authentication for clients

Jeff LaCoursiere jeff at jeff.net
Fri Oct 30 09:37:50 CDT 2015


On 10/29/2015 04:01 PM, Motty wrote:
>
>
> On 10/29/2015 01:11 PM, Jeff LaCoursiere wrote:
>> On 10/28/2015 06:37 PM, Pete Mundy wrote:
>>> Hi Motty,
>>>
>>> Isn't the whole point of the nonce in a SIP registration to ensure 
>>> the secret doesn't go on the wire in plain-text? Is this not enough, 
>>> or are you looking to hide the username too?
>>>
>>> (if so, fair 'nuf, just wondering why :)
>>>
>>> Pete
>>>
>>> Ps, if so then I think TLS is the missing part of your equation.
>>>
>>> On 29/10/2015, at 11:54 AM, Motty <motty.cruz at gmail.com> wrote:
>>>
>>>> Hello,
>>>> I am searching for a solution to encrypt authentication from 
>>>> Asterisk server to clients. Searching srtp seem to encrypt traffic, 
>>>> I just want client authentication with encryption. Can someone 
>>>> point to the right direction? has anybody used ZRTP? experience 
>>>> with ZRTP?
>>>>
>>>> Thanks,
>>>> _motty
>>>
>>>
>>
>> You want SIP over TLS.  That encrypts the signalling.  SRTP and ZRTP 
>> encrypt the actual voice traffic.
>>
>> Cheers,
>>
>> j
>>
>>
>
>
> Thanks Jeff,
> I don't want SIP over TLS. I would like to encrypt password only, I 
> suppose over TLS.
>
> Thanks,
> _motty

The password isn't sent - SIP auth involves a challenge/response with 
hashing (digest authentication).  If that's all you are interested in, 
you are already there.

Cheers,

j

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20151030/5bcb4142/attachment.html>


More information about the asterisk-users mailing list