[asterisk-dev] [Code Review] Allow Setting Bitsize and make SRTP optional chan_sip
Tilghman Lesher
reviewboard at asterisk.org
Sat May 21 12:47:05 CDT 2011
> On 2011-05-21 11:18:21, Tilghman Lesher wrote:
> > Could you explain why anybody would want a 32-bit key? With today's processors, any conversation using such a key could be considered to be obscured, but not secured, because it's trivial to decrypt any message using such a short key length. We should be exploring longer key lengths, not shorter.
>
> irroot wrote:
> Im with you 100% however Snom only works with 32bit this is a bit better than nothing and will add the support for these phones.
>
> the patch makes it rather trivial to add additional lengths in the future.
>
> we have cpl thousand snom phones out there so big win to support them better.
>
> the patch on snoms website effectivly removes 80bit support this is worse.
>
>
>
No, it's really NOT better than nothing. Using faulty encryption can lead to a false sense of security. No encryption is better than encryption that will not withstand a casual brute-force attack.
I agree with the part of the patch that allows greater bit strengths, but any bit strength lower than 80 bits (arguably, even 80 bits is weak) should be disallowed.
- Tilghman
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1173/#review3588
-----------------------------------------------------------
On 2011-05-21 06:41:17, irroot wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1173/
> -----------------------------------------------------------
>
> (Updated 2011-05-21 06:41:17)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> change the encruption option to tristate with optional bit setting
> also make this a global option.
>
> qwell sugests a second option for bitlen have no problem with that.
>
>
> This addresses bug 19335.
> https://issues.asterisk.org/view.php?id=19335
>
>
> Diffs
> -----
>
> /team/irroot/t38gateway-trunk/channels/chan_sip.c 319935
> /team/irroot/t38gateway-trunk/channels/sip/include/sdp_crypto.h 319935
> /team/irroot/t38gateway-trunk/channels/sip/include/sip.h 319935
> /team/irroot/t38gateway-trunk/channels/sip/include/srtp.h 319935
> /team/irroot/t38gateway-trunk/channels/sip/sdp_crypto.c 319935
>
> Diff: https://reviewboard.asterisk.org/r/1173/diff
>
>
> Testing
> -------
>
>
> Thanks,
>
> irroot
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110521/a5fc9cbb/attachment.htm>
More information about the asterisk-dev
mailing list