[asterisk-users] Hide the plain text password

Jian Gao jian.gao at sjgeophysics.com
Tue Feb 15 18:08:03 CST 2011


How about encrypt the whole hard drive?

If I built a server and give to other people, there is no easy way to 
stop them reset the root password or just mount my drive to read 
everything on it. But if build an encrypt OS then it will be secure.  My 
question here are: <1>Is this against Asterisk GPL? <2>How about the 
performance on such a system?

*Jian*

On 11-02-15 04:50 AM, Tzafrir Cohen wrote:
> On Tue, Feb 15, 2011 at 07:18:08AM -0500, Richard Kenner wrote:
>>> Anyway, the answer is: No, it's mathematically impossible to do
>>> that.  Even if the passwords were stored encrypted, Asterisk itself
>>> has to be able to get the plaintext passwords to send to the remote
>>> server; so the code to decrypt them must necessarily be located on
>>> the machine.  And the Source Code to Asterisk is readily available,
>>> which is how come you were able to benefit from it, so it would be
>>> trivial to extract the passwords in any case.
>> But there IS a way to improve things, and it's what Cisco routers do.
>> You can have all password stored in config file encrypted with a
>> single master key.  That key is stored in a special file, containing
>> just that key.  THAT file must then be heavily-protected, but all
>> OTHER config files can now be placed into CM or anywhere else they
>> might be needed.
> Right. But it really won't help much (except complicating things) if the
> user has decent access to Asterisk.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110215/f00edb9a/attachment.htm>


More information about the asterisk-users mailing list