[Asterisk-Security] Questions on IAX encryption

Michael Billerbeck michael.billerbeck at gmx.de
Mon May 7 03:19:33 MST 2007


Hi,

I would like to know how IAX2 encryption is handled in detail.
Information on voip-info.org is too Asterisk-related, even though I know that
this protocol was developed in conjunction with Asterisk.
http://www.voip-info.org/wiki/view/IAX+encryption
says that "there is a rather undocumented channel encryption feature". Is it
still undocumented?
You can use encryption=aes128 or encryption=yes. Is there no difference
between those two? I mean, maybe encryption=yes is for further development
of other encryption algorithms.

For the protocol itself I took the draft at
http://tools.ietf.org/id/draft-guy-iax-03.txt and there it says

"The key to use in encrypting the messages is computed by taking the the
CHALLENGE IE Section 8.4.14 from the AUTHREQ and concatenating any one of
the shared passwords then computing the 128-bit MD5 digest of this
combination.  To decrypt, if there is more than password for the peer, each
must be tried until the message is successfully decoded.  The key remains
constant for the duration of the call. Only the data portion of the messages
are encoded."

These two phrases in the paragraph are hard for me to understand! I don't
know if the first phrase is talking about encryption or authentication or
both because of the use of a hash algorithm. Does the part of the second
phrase "if there is more than password" mean "if there is more than one
password"?
Sorry, if my questions are too "dumb", my English is not that good.

Michael
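
Added example, not part of the original post and not Asterisk's code: the key derivation in the quoted draft paragraph (MD5 over the CHALLENGE IE followed by one shared password, used as the 128-bit key) and the receiver's loop over several configured passwords. AES is not in the Python standard library, so `toy_encrypt`/`toy_decrypt`, the `MARKER` check and all sample values are constructed stand-ins, not the IAX2 wire format.

```python
import hashlib
from typing import Callable, Optional, Sequence, Tuple

MARKER = b"IAXd"  # constructed marker so a wrong key is detectable (assumption)

def derive_key(challenge: bytes, password: bytes) -> bytes:
    """Key as described in the quoted draft text: MD5(CHALLENGE IE || password)."""
    return hashlib.md5(challenge + password).digest()  # 16 bytes = 128 bits

def _keystream(key: bytes, length: int) -> bytes:
    # Stand-in keystream for this example only; IAX2 itself uses AES-128.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.md5(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    plain = MARKER + data
    return bytes(a ^ b for a, b in zip(plain, _keystream(key, len(plain))))

def toy_decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    plain = bytes(a ^ b for a, b in zip(blob, _keystream(key, len(blob))))
    # "Successfully decoded" is modelled here as: the marker is intact.
    return plain[len(MARKER):] if plain.startswith(MARKER) else None

def decrypt_with_any_password(
    challenge: bytes,
    passwords: Sequence[bytes],
    blob: bytes,
    decrypt: Callable[[bytes, bytes], Optional[bytes]] = toy_decrypt,
) -> Optional[Tuple[int, bytes]]:
    """Derive one candidate key per configured password and try each in turn."""
    for index, password in enumerate(passwords):
        plain = decrypt(derive_key(challenge, password), blob)
        if plain is not None:
            return index, plain  # this key then stays fixed for the call
    return None

# Constructed sample values.
CHALLENGE = b"137458902"
PEER_PASSWORDS = [b"old-secret", b"current-secret"]
BLOB = toy_encrypt(derive_key(CHALLENGE, b"current-secret"), b"voice-payload")

if __name__ == "__main__":
    print(len(derive_key(CHALLENGE, PEER_PASSWORDS[1])) * 8, "bit key")
    print(decrypt_with_any_password(CHALLENGE, PEER_PASSWORDS, BLOB))
```

Because the challenge is part of the hash input, the same password yields a different key whenever the AUTHREQ carries a different challenge.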


