[Asterisk-Users] Plain Text Passwords for IAX and SIP
Tim Panton
tim at mexuar.com
Mon May 15 05:10:38 MST 2006
On 12 May 2006, at 19:21, Me wrote:
> Can someone tell me if passwords are sent in plain text when using
> IAX?
>
> I have been told already that SIP automatically encrypts the password?
>
> Anyone know of some good Asterisk security links, docs, articles?
>
> Thanks!
There are 4 options (as configured in iax.conf)
no password - access checked on IP address/subnet
plaintext - deprecated, but I think it still works
md5 - password is hashed with a challenge, so it is (relatively)
immune to snooping/replay attacks.
rsa - based on shared private keys (ie the initial key exchange isn't
asterisk's problem)
The MD5 option suits for most purposes.
Tim Panton
tim at mexuar.com
More information about the asterisk-users
mailing list