> On Wed, 2009-03-11 at 15:13 -0400, Andrew M. Lauppe wrote:
>>> Despite all the arguments on other things we could do, why not
>>> increase the level of security in Asterisk if there is a possibility
>>> to do so?
>>>
>> Bottom line here, I think, is that the security holes aren't just in
>> Asterisk, they're in SIP, and Asterisk has to support SIP. It is SIP
>> that passes the usernames/passwords in plaintext. If SIP supported a
>> more secure authentication scheme, Asterisk would support it.
>>
>
> SIP does do more secure auth, TLS, but it's not supported in Asterisk
> because it requires TCP (the RFC requires TCP support anyway, yet Asterisk
> does not officially do that either).
>
> And passwords are NOT in plaintext.
>
> The username, nonce, and what you are doing (REGISTER for example) are
> all cleartext, but the password is not. The nonce is a short duration
> disposable number to prevent replay attacks.
To clarify: The password is never sent over the wire. It's a
challenge-response authentication mechanism that sends an MD5 digest of a
combination of data sent in clear text and a shared secret that is not
sent at all ("password").
I see two other alternatives:
- TLS authentication. This requires a lot of certificate/key pair
management.
- Stronger challenge-response by moving away from MD5 to SHAxxx.
/O
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
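As an added illustration of the digest scheme discussed above (not code from the thread or from Asterisk), this is the RFC 2617 computation SIP uses, with a minimal registrar side that stores only HA1 and rejects a reused nonce; the realm, user and password values are constructed, and a production registrar would also expire nonces by age.

```python
import hashlib
import secrets

def md5hex(s):
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def ha1_for(username, realm, password):
    # The only place the password enters; a registrar can store this hash instead of the password.
    return md5hex(f"{username}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, qop="", nc="", cnonce=""):
    # RFC 2617 as used by SIP (RFC 3261): HA2 binds the method (e.g. REGISTER) and the Request-URI.
    ha2 = md5hex(f"{method}:{uri}")
    if qop:
        return md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

class Registrar:
    def __init__(self, realm):
        self.realm = realm
        self.users = {}         # username -> HA1; no plaintext passwords kept
        self.live_nonces = set()

    def add_user(self, username, password):
        self.users[username] = ha1_for(username, self.realm, password)

    def challenge(self):
        nonce = secrets.token_hex(16)  # unpredictable and one-time; real servers also expire by age
        self.live_nonces.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, response):
        if nonce not in self.live_nonces:  # unknown, expired or already consumed: replay rejected
            return False
        self.live_nonces.discard(nonce)
        ha1 = self.users.get(username)
        if ha1 is None:
            return False
        return secrets.compare_digest(digest_response(ha1, method, uri, nonce), response)

def register_twice(password="constructed-secret"):
    # Constructed REGISTER exchange: the first response is accepted, the same bytes replayed are not.
    reg = Registrar("example.invalid")
    reg.add_user("1001", password)
    nonce = reg.challenge()
    response = digest_response(ha1_for("1001", "example.invalid", password),
                               "REGISTER", "sip:example.invalid", nonce)
    first = reg.verify("1001", "REGISTER", "sip:example.invalid", nonce, response)
    replay = reg.verify("1001", "REGISTER", "sip:example.invalid", nonce, response)
    return first, replay, response
```

The qop branch reproduces the worked example in RFC 2617 section 3.5; the no-qop branch is the form seen in classic SIP REGISTER exchanges.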