[asterisk-security] register response calculation
Raj Jain
rj2807 at gmail.com
Sat Mar 1 11:02:45 CST 2008
SIP uses the same authentication mechanism as HTTP digest. The
response is computed using some sort of hashing algorithm (e.g. MD5).
RFC 2617 has the details on this: http://www.ietf.org/rfc/rfc2617.txt
On Sat, Mar 1, 2008 at 8:46 AM, sipResearcher <sipmailing at yahoo.com> wrote:
> Hi,
>
> I have a simple question about SIP messaging. When a SIP client wants to
> register to SIP registrar (for example asterisk), it sends a REGISTER
> message and receives a Unauthorized message with a nonce value and it
> calculates a challenge response using username password and this nonce
> value. A looked up to the rfc about regsitration process but I couldn't
> understand how it computes this response value.
>
> What is the formula for this calculation. Which parameters does it use
> exactly?
>
> ________________________________
>
> Looking for last minute shopping deals? Find them fast with Yahoo! Search.
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-security mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-security
>
--
Raj Jain
mailto:rj2807 at gmail dot com
sip:rjain at iptel dot org
More information about the asterisk-security
mailing list