[asterisk-users] Hide the plain text password

[Richard Kenner]

> Anyway, the answer is: No, it's mathematically impossible to do
> that.  Even if the passwords were stored encrypted, Asterisk itself
> has to be able to get the plaintext passwords to send to the remote
> server; so the code to decrypt them must necessarily be located on
> the machine.  And the Source Code to Asterisk is readily available,
> which is how come you were able to benefit from it, so it would be
> trivial to extract the passwords in any case.

But there IS a way to improve things, and it's what Cisco routers do.
You can have all password stored in config file encrypted with a
single master key.  That key is stored in a special file, containing
just that key.  THAT file must then be heavily-protected, but all
OTHER config files can now be placed into CM or anywhere else they
might be needed.