[asterisk-dev] [Code Review] Allow Setting Bitsize and make SRTP optional chan_sip

Tilghman Lesher reviewboard at asterisk.org
Sat May 21 12:47:05 CDT 2011



> On 2011-05-21 11:18:21, Tilghman Lesher wrote:
> > Could you explain why anybody would want a 32-bit key?  With today's processors, any conversation using such a key could be considered to be obscured, but not secured, because it's trivial to decrypt any message using such a short key length.  We should be exploring longer key lengths, not shorter.
> 
> irroot wrote:
>     Im with you 100% however Snom only works with 32bit this is a bit better than nothing and will add the support for these phones.
>     
>     the patch makes it rather trivial to add additional lengths in the future.
>     
>     we have cpl thousand snom phones out there so big win to support them better.
>     
>     the patch on snoms website effectivly removes 80bit support this is worse.
>     
>     
>

No, it's really NOT better than nothing.  Using faulty encryption can lead to a false sense of security.  No encryption is better than encryption that will not withstand a casual brute-force attack.

I agree with the part of the patch that allows greater bit strengths, but any bit strength lower than 80 bits (arguably, even 80 bits is weak) should be disallowed.


- Tilghman


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1173/#review3588
-----------------------------------------------------------


On 2011-05-21 06:41:17, irroot wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1173/
> -----------------------------------------------------------
> 
> (Updated 2011-05-21 06:41:17)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> change the encruption option to tristate with optional bit setting
> also make this a global option.
> 
> qwell sugests a second option for bitlen have no problem with that.
> 
> 
> This addresses bug 19335.
>     https://issues.asterisk.org/view.php?id=19335
> 
> 
> Diffs
> -----
> 
>   /team/irroot/t38gateway-trunk/channels/chan_sip.c 319935 
>   /team/irroot/t38gateway-trunk/channels/sip/include/sdp_crypto.h 319935 
>   /team/irroot/t38gateway-trunk/channels/sip/include/sip.h 319935 
>   /team/irroot/t38gateway-trunk/channels/sip/include/srtp.h 319935 
>   /team/irroot/t38gateway-trunk/channels/sip/sdp_crypto.c 319935 
> 
> Diff: https://reviewboard.asterisk.org/r/1173/diff
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> irroot
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110521/a5fc9cbb/attachment.htm>


More information about the asterisk-dev mailing list