[asterisk-users] Register => plain text password
A J Stiles
asterisk_list at earthshod.co.uk
Wed Jan 22 03:22:04 CST 2014
On Wednesday 22 January 2014, José Pablo Méndez Soto wrote:
> Hello,
>
> Is there anyway to encrypt or scramble a bit the secret used to register
> with a provider? Im talking about the
>
> register => fromuser at fromdomain:secret at host
>
> directive in
> sip.conf<http://www.voip-info.org/wiki/view/Asterisk+config+sip.conf>
No.
Well. You *could* scramble it for storage; but that would only lull you into
a false sense of security, because ultimately it would have to be able to be
unscrambled by a program that was already right there on the machine,
somewhere under /usr/src/ where any competent programmer can look at it.
The client *has* to know the password in plaintext (or at least, how to
decrypt the stored, encrypted password), in order to be able to send it to
the server.
The way things stand, the configuration file with the password in it need only
be readable by the root user. And you know it has a password in it, so you
take care with it.
Here is an explanation from the developers of the Pidgin IM client, as to why
they store passwords in plaintext in their configuration file:
https://developer.pidgin.im/wiki/PlainTextPasswords
> This clever dude modified the code back in 1.4:
>
> http://www.oneharding.com/voip/asterisk_md5_register.html
Unfortunately, that doesn't work. It just elevates a stolen hash to the same
level of usefulness as a stolen password (and she even says so much, in the
linked article).
> I imagine that so many years later, and now with the implementation of
> pjsip this secret could be better protected?
No, because the underlying problem -- that decrypting a stored password also
requires the decryption key; but if the decryption key and encrypted password
are stored on the same machine, then anyone with access to the machine is able
to decrypt the password -- is a limitation of the universe, *not* a limitation
of present-day technology. There is simply nothing that anybody could invent
that would get around this.
> It is very unsafe to keep the
> accounts password right out there. Any ideas?
It's hidden behind another password, and that's about as secure as it's
mathematically possible ever to make it. And if someone else has root access
to your machine, then I humbly suggest that a SIP password might not be the
driest lentil you have to soak.
--
AJS
Answers come *after* questions.
More information about the asterisk-users
mailing list