[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Wed Aug 20 13:40:34 CDT 2008
On Wed, Aug 20, 2008 at 02:20:50PM -0400, SIP wrote:
> Tzafrir Cohen wrote:
> > On Wed, Aug 20, 2008 at 10:00:55AM -0700, Eric Chamberlain wrote:
> >
> >> We are exploring using Asterisk for a project and we are looking for a
> >> way to encrypt/decrypt the peer passwords stored in the realtime
> >> database (postrges).
> >>
> >> Ideally, we want to use a public key to encrypt the passwords before
> >> they go into the database and have Asterisk use a private key to
> >> decrypt the password as part of the call out process.
> >>
> >> Has anyone developed something like this?
> >>
> >
> > What is the point in that? What threats does it help you to mitigate?
> >
> >
> It helps you mitigate an incredible amount of headache if someone hacks
> in and gains access to your DB. The user accounts are still rather
> secure -- at least long enough to inform your users to change their
> passwords.
So those passwords are used elsewhere?
In that case, look into md5secret. That is: store a digest of the
password (and a few more bits) on the DB.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-users
mailing list