[asterisk-users] SIP secruity: username and password
Alex Balashov
abalashov at evaristesys.com
Thu May 5 07:23:32 CDT 2011
On 05/05/2011 08:21 AM, Olle E. Johansson wrote:
> Because they HAVE TO. In the 401/407 reply, there's a challenge
> (nonce) which is an important part of the MD5 Digest Auth scheme.
I meant more to contrast with how some UACs will attempt to re-cycle old
Authorization credentials in re-registrations and so on.
> The password is NOT encrypted. It's is used as the basis of a
> textstring you calculate a hash from. That's very different :-)
I know. I was trying to keep it simple for the OP.
> I would say it may call for SIP with TLS client authentication -
> regardless if you need encryption or not...
On this point of view we may differ.
--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
More information about the asterisk-users
mailing list