[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
BJ Weschke
bweschke at gmail.com
Wed Aug 20 15:17:32 CDT 2008
Igor Hernandez wrote:
> I was thinking the same thing I believe Tzafrir just alluded to. If the
> passwords are encrypted in the DB with a public key then...asterisk
> needs to have the private key stored somewhere to be able to decrypt the
> values to authenticate the user. In this way there is nothing preventing
> whoever intrudes your boxes from getting that key and decrypting the
> values himself.
>
> I might be missing something though and if thats the case chime in, I'm
> interested in this issue.
>
> Regards,
>
>
You are. md5secret simply stores the crypt hash. When it receives the
password attempt, it too, is crypted using MD5 algorithm and then the
two hashes are compared. Using MD5 crypt hash, there is no way to
"decrypt" the hash. It's a "brute force" methodology to get the password
back if you've lost it.
--
--
Bird's The Word Technologies, Inc.
http://www.btwtech.com/
More information about the asterisk-users
mailing list