[asterisk-security] register response calculation
Ashutosh
ashutosh.kumars at gmail.com
Sat Mar 1 12:22:28 CST 2008
Hi,
Essentially, you perform an MD5 over a string, where the string is the output
of a concat over username, ":", password.... There may be other fields
also, do check them.
Quoted from RFC 2617... page 9
"
In this document the string obtained by applying the digest
algorithm to the data "data" with secret "secret" will be denoted
by KD(secret, data), and the string obtained by applying the
checksum algorithm to the data "data" will be denoted H(data). The
notation unq(X) means the value of the quoted-string X without the
surrounding quotes.
For the "MD5" and "MD5-sess" algorithms
H(data) = MD5(data)
and
KD(secret, data) = H(concat(secret, ":", data))
i.e., the digest is the MD5 of the secret concatenated with a colon
concatenated with the data. The "MD5-sess" algorithm is intended to
allow efficient 3rd party authentication servers; for the
difference in usage,
"
Best regards,
ashutosh nextstag
On Sat, Mar 1, 2008 at 9:02 AM, Raj Jain <rj2807 at gmail.com> wrote:
> SIP uses the same authentication mechanism as HTTP digest. The
> response is computed using some sort of hashing algorithm (e.g. MD5).
> RFC 2617 has the details on this: http://www.ietf.org/rfc/rfc2617.txt
>
>
> On Sat, Mar 1, 2008 at 8:46 AM, sipResearcher <sipmailing at yahoo.com>
> wrote:
> > Hi,
> >
> > I have a simple question about SIP messaging. When a SIP client wants to
> > register to a SIP registrar (for example asterisk), it sends a REGISTER
> > message and receives an Unauthorized message with a nonce value and it
> > calculates a challenge response using username, password and this nonce
> > value. I looked up the RFC about the registration process but I couldn't
> > understand how it computes this response value.
> >
> > What is the formula for this calculation? Which parameters does it use
> > exactly?
> >
> > _______________________________________________
> > --Bandwidth and Colocation Provided by http://www.api-digital.com--
> >
> > asterisk-security mailing list
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-security
> >
>
>
>
> --
> Raj Jain
>
> mailto:rj2807 at gmail dot com
> sip:rjain at iptel dot org
>
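Added example, not part of the original thread and not Asterisk's own code: the RFC 2617 "MD5" digest calculation written out with the H() and KD() notation quoted above. It goes beyond the quoted excerpt by filling in the A1 and A2 strings from RFC 2617 section 3.2.2, covers only the no-qop and qop=auth cases, and uses constructed sample values; the verify() helper is a hypothetical name for the registrar-side check.

```python
import hashlib
import hmac


def H(data: str) -> str:
    """H(data) = MD5(data), as lowercase hex (RFC 2617 'MD5' algorithm)."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def KD(secret: str, data: str) -> str:
    """KD(secret, data) = H(concat(secret, ":", data))."""
    return H(secret + ":" + data)


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Compute the 'response' value of a Digest Authorization header."""
    ha1 = H(f"{username}:{realm}:{password}")   # A1 = user:realm:password
    ha2 = H(f"{method}:{uri}")                  # A2 = method:digest-uri
    if qop is None:                             # challenge carried no qop
        return KD(ha1, f"{nonce}:{ha2}")
    if qop != "auth":
        raise ValueError("only qop=auth is handled in this example")
    if not nc or not cnonce:
        raise ValueError("qop=auth requires nc and cnonce")
    return KD(ha1, f"{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(received: str, **params) -> bool:
    """Registrar side (hypothetical helper): recompute, compare in constant time."""
    expected = digest_response(**params)
    return hmac.compare_digest(expected, received.lower())


if __name__ == "__main__":
    # Constructed sample values, not taken from any real registrar.
    params = dict(username="alice", realm="asterisk", password="s3cret",
                  method="REGISTER", uri="sip:pbx.example.com",
                  nonce="4f2a9c1e")
    resp = digest_response(**params)
    print("response =", resp)
    print("verifies:", verify(resp, **params))
```

For a SIP REGISTER the method string is "REGISTER" and the uri is the value sent in the Authorization header's uri parameter; realm and nonce come from the 401 challenge.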