[Asterisk-Users] Vonage

Ricardo Villa ricvil at telesip.net
Thu Jul 31 11:29:48 MST 2003


Right...The config file itself is encrypted so if you capture the downlaod
and can crack the RC4 algorithm then you are in.

The SIP authentication itself is just an MD5 hash of the password.  If it is
a short password you can try to brute force your way into cracking it.  But
if it is a long one (the parameter allows up to 31 alphanumeric characters)
then its probably not practical.

Ricardo
http://www.telesip.net


----- Original Message -----
From: "Mark Spencer" <markster at digium.com>
To: <asterisk-users at lists.digium.com>
Sent: Thursday, July 31, 2003 1:12 PM
Subject: Re: [Asterisk-Users] Vonage


> > There is no way for you to know the vonage password associated with your
> > account.  Even if you sniff out the tftp download, its encrypted.
>
> Clearly there must be a way to decrypt it back to plaintext, however,
> since SIP uses a chap-style MD5 scheme, which requires knowing original
> password at both ends.
>
> Mark
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users




More information about the asterisk-users mailing list