[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
Eric Chamberlain
eric at rf.com
Wed Aug 20 16:10:02 CDT 2008
On Aug 20, 2008, at 10:19 AM, Tzafrir Cohen wrote:
> On Wed, Aug 20, 2008 at 10:00:55AM -0700, Eric Chamberlain wrote:
>> We are exploring using Asterisk for a project and we are looking
>> for a
>> way to encrypt/decrypt the peer passwords stored in the realtime
>> database (postrges).
>>
>> Ideally, we want to use a public key to encrypt the passwords before
>> they go into the database and have Asterisk use a private key to
>> decrypt the password as part of the call out process.
>>
>> Has anyone developed something like this?
>
> What is the point in that? What threats does it help you to mitigate?
>
Passwords are added/changed on a web front-end and stored in a database.
We want to limit exposure to the Asterisk boxes, we don't want
compromises of the web front-end or database to result in revealing
passwords.
These passwords are used to authenticate with other SIP systems, so
storing a MD5 hash wouldn't work, hence the need to encrypt and decrypt.
--
Eric Chamberlain
Founder
RF.com
http://RF.com/
More information about the asterisk-users
mailing list