[asterisk-users] How to stop intruder from registering sip?
Mark Deneen
mdeneen at gmail.com
Thu Jul 1 12:31:39 CDT 2010
On Thu, Jul 1, 2010 at 12:53 PM, Tilghman Lesher <tlesher at digium.com> wrote:
>
> That would only be true if you used random characters in your 17-character
> passphrase. In fact, English text has somewhere between 0.6 and 1.5 bits of
> randomness per letter, whereas an SHA1sum has no more than 4 bits of
> randomness per letter. Let's assume the higher number of randomness for
> your English text, which gives us 1.5 * 17, which is 25.5 bits of randomness.
> Note that the prefix 3 characters have ZERO randomness per character, as they
> are deterministic from the extension. That gives an even lower 21 bits of
> randomness. SHA1 cryptographic sums have no more than 160 bits of randomness.
>
> I say "no more than", because, given knowledge of the algorithm used to
> determine passwords, the sum is reduced to the number of bits of randomness in
> the source material. You cannot generate randomness by applying a
> deterministic algorithm. However, given that the source material for the hash
> sum is of a smaller bit strength than the comparative strength of the hash
> algorithm, your difficulty of guessing the password is not reduced any by
> using the hash algorithm for generative purposes.
>
>
With this in mind, I'll be sure to forge my passwords from Chinese text from
now on.
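
The entropy argument in the quoted message, as an added Python example that is not part of the original thread. The derivation scheme (SHA1 over extension plus passphrase), the extension "101" and the eight-word list are assumptions constructed for illustration; the per-letter figures are the ones quoted above.

```python
import hashlib
import itertools
import math

def english_text_bits(length, fixed_prefix=0, bits_per_char=1.5):
    """Entropy estimate for English text; prefix characters derived from
    the extension contribute zero bits (figures from the quoted message)."""
    return (length - fixed_prefix) * bits_per_char

def derive(extension, phrase):
    """Hypothetical scheme: SIP secret = hex SHA1 of extension + phrase."""
    return hashlib.sha1((extension + phrase).encode()).hexdigest()

def nominal_hex_bits(secret):
    """Upper bound if every hex character were random: 4 bits each."""
    return 4 * len(secret)

def effective_bits(candidate_count):
    """Entropy of a uniform choice among candidate_count possibilities."""
    return math.log2(candidate_count)

def distinct_outputs(extension, phrases):
    """Count the distinct secrets the deterministic scheme can produce."""
    return len({derive(extension, p) for p in phrases})

# Constructed sample: an 8-word list, two-word phrases -> 64 source phrases.
WORDS = ["asterisk", "trunk", "dial", "codec",
         "peer", "queue", "bridge", "channel"]
PHRASES = [" ".join(pair) for pair in itertools.product(WORDS, repeat=2)]

if __name__ == "__main__":
    print("17 English letters:     ", english_text_bits(17), "bits")
    print("with 3 fixed characters:", english_text_bits(17, 3), "bits")
    secret = derive("101", PHRASES[0])
    print("derived secret looks like", nominal_hex_bits(secret), "bits")
    n = distinct_outputs("101", PHRASES)
    print("but only", n, "secrets are possible:", effective_bits(n), "bits")
```

The derived secret is 40 hex characters long, yet anyone who knows the scheme faces only as many candidates as there are source phrases, so its strength is that of the phrase, not of the 160-bit digest.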