Aymeric, Good to hear from you!
There’s been some discussion in the IETF which we haven’t resolved on how to handle this. I think you need to set up different domains or realms each with one auth algorithm. If you offer two at the same time - what’s the point? You are still wide open for downgrade attacks and haven’t accomplished much.
I guess we will have to wait until the IETF resolves this issue, which probably applies to more protocols. The big question is how to upgrade a user base to stronger authentication algorithms in HTTP Digest auth without allowing downgrade attacks.
Cheers, /O
On 16 Jun 2020, at 20:42, Henning Westerholt hw@skalatan.de wrote:
Hello,
Take a look at this parameter: you can switch between MD5 and SHA256, but only use one at a time:
https://www.kamailio.org/docs/modules/5.3.x/modules/auth.html#auth.p.algorithm
About planned features – I am not aware of major extensions in this module. Of course, any contribution is welcome.
Cheers,
Henning
-- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.com
From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Aymeric Moizard
Sent: Monday, June 15, 2020 10:31 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: [SR-Users] MD5 and SHA-256 instead of MD5 or SHA-256...
Hi All,
I'd like to improve my setup by switching to SHA-256. However, as a first step, I would like to offer both MD5 and SHA-256 in 2 different WWW-Authenticate headers.
If I'm correct, this is not doable with the latest auth module? Is this a planned feature?
As an alternative, I would like to decide the algorithm in the script instead of a module parameter. It looks to me this is also not doable? Again, is this a planned feature?
Thanks to all,
Regards Aymeric
-- Antisip - http://www.antisip.com
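Added example, not part of the original thread and not Kamailio code: a Python sketch of the per-realm pinning suggested in the first reply above, where the verifier accepts only the one algorithm assigned to a realm and therefore refuses MD5 credentials on a SHA-256 realm. The realm names, user, password, nonce values and the policy table are constructed for illustration; the response computation follows RFC 7616 with qop=auth.

```python
import hashlib
import hmac

# Constructed policy: every realm is pinned to exactly one digest algorithm.
REALM_ALGORITHM = {"legacy.example.org": "MD5", "secure.example.org": "SHA-256"}
HASHES = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}


def digest_response(alg, user, realm, password, method, uri, nonce, nc, cnonce):
    """Digest response for qop=auth with a non-session algorithm (RFC 7616)."""
    def h(text):
        return HASHES[alg](text.encode()).hexdigest()
    ha1 = h(f"{user}:{realm}:{password}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def verify(creds, method, password):
    """Accept credentials only when they use the realm's pinned algorithm."""
    pinned = REALM_ALGORITHM.get(creds["realm"])
    # An absent algorithm parameter is treated as MD5, the Digest default.
    offered = creds.get("algorithm", "MD5")
    if pinned is None or offered != pinned:
        return False  # never fall back to another algorithm for this realm
    expected = digest_response(pinned, creds["username"], creds["realm"], password,
                               method, creds["uri"], creds["nonce"], creds["nc"],
                               creds["cnonce"])
    return hmac.compare_digest(expected, creds["response"])


def client_creds(alg, realm, password, send_algorithm=True):
    """Build constructed Authorization parameters as a client would."""
    creds = {"username": "alice", "realm": realm, "uri": f"sip:{realm}",
             "nonce": "constructed-nonce", "nc": "00000001", "cnonce": "c0ffee"}
    creds["response"] = digest_response(alg, creds["username"], realm, password,
                                        "REGISTER", creds["uri"], creds["nonce"],
                                        creds["nc"], creds["cnonce"])
    if send_algorithm:
        creds["algorithm"] = alg
    return creds


if __name__ == "__main__":
    pw = "constructed-password"
    for alg, realm in [("SHA-256", "secure.example.org"),
                       ("MD5", "secure.example.org"),
                       ("MD5", "legacy.example.org")]:
        print(alg, realm, verify(client_creds(alg, realm, pw), "REGISTER", pw))
```

The second case is the one that matters: the MD5 response is computed with the correct password and is still rejected, because the realm's policy, not the client's header, decides the algorithm.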