On 10/06/13 13:05, Klaus Darilion wrote:
On 06.06.2013 16:35, Daniel-Constantin Mierla wrote:
Hello,
On 6/6/13 11:05 AM, Daniel Pocock wrote:
I was just looking over:
http://kb.asipto.com/asterisk:realtime:kamailio-3.3.x-asterisk-10.7.0-astdb
A couple of things I noticed:
- Kamailio is using a column sippasswd which is not hashed. Asterisk
doesn't use that column at all. Is there any reason this can't be done
with the H(A1) and H(A1b) columns? The INSERT example shows a
non-encrypted password.
You can store a hashed value there. In Kamailio it is just a matter of a config parameter/function parameter to say whether the loaded value is plain text or ha1.
Just a comment: it does not give you any additional security to store the passwords in hashed form, as the hashed password can also be used to calculate a proper authentication response.
The only benefit of using the hashed form is if the same password is used in other systems too; then leaking the subscriber table does not compromise the other systems (for approximately 4 hours with today's MD5 hacking performance), but only the SIP system.
Agreed - that is one reason why I encourage use of TLS client certs:
http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi
I've had that working with both Jitsi and Polycom devices (they have built-in certs). It would be interesting to see a sample config and the same howto for Kamailio; from what I can tell the TLS module does support the same functionality.
One day I'll get around to adding client cert support into Lumicall.
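Worked example added to this thread (not code from Kamailio, Asterisk, or any of the posters) showing why a stored HA1 is as good as the password for SIP Digest: the Digest response is computed from HA1 = MD5(username:realm:password), so the password itself never enters the calculation once HA1 is known. The `verify` function mirrors the plain-text-or-ha1 switch Daniel-Constantin mentions by accepting a subscriber row with either field; the row layout, the `respond`/`verify` names and all account, nonce and realm values are constructed for the demo and are not Kamailio's own schema or API.

```python
import hashlib
import hmac
from typing import Dict, Optional


def md5_hex(data: str) -> str:
    """Lower-case hex MD5, the hash SIP Digest (RFC 3261 / RFC 2617) uses."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def calc_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password); what a pre-hashed 'ha1' column stores."""
    return md5_hex(f"{username}:{realm}:{password}")


def calc_ha1b(username: str, domain: str, realm: str, password: str) -> str:
    """Variant for clients that send user@domain as the Digest username
    (the H(A1b) column mentioned in the thread)."""
    return md5_hex(f"{username}@{domain}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    qop: Optional[str] = None, nc: Optional[str] = None,
                    cnonce: Optional[str] = None) -> str:
    """Digest 'response' per RFC 2617 section 3.2.2.1, starting from HA1.

    The password is not an input here: HA1 alone answers any challenge for
    this username/realm, which is Klaus's point above.
    """
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


# Constructed demo data; no real account, nonce or server values.
USERNAME, REALM, PASSWORD = "alice", "sip.example.org", "correct-horse-battery"
CHALLENGE = {
    "method": "REGISTER", "uri": "sip:sip.example.org", "realm": REALM,
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "qop": "auth",
    "nc": "00000001", "cnonce": "0a4f113b",
}


def respond(ha1: str, challenge: Dict[str, str] = CHALLENGE) -> str:
    """What a client puts in the Authorization header for this challenge (hypothetical helper)."""
    return digest_response(ha1, challenge["method"], challenge["uri"],
                           challenge["nonce"], challenge.get("qop"),
                           challenge.get("nc"), challenge.get("cnonce"))


def verify(row: Dict[str, str], challenge: Dict[str, str], response: str) -> bool:
    """Server-side check against a hypothetical subscriber row that holds either
    a plaintext 'password' or a pre-hashed 'ha1'. Constant-time compare on the
    final digest so the check itself does not leak by timing."""
    if "ha1" in row:
        ha1 = row["ha1"]
    else:
        ha1 = calc_ha1(row["username"], challenge["realm"], row["password"])
    return hmac.compare_digest(respond(ha1, challenge), response)


def demo() -> Dict[str, bool]:
    plain_row = {"username": USERNAME, "password": PASSWORD}
    hashed_row = {"username": USERNAME, "ha1": calc_ha1(USERNAME, REALM, PASSWORD)}

    good = respond(calc_ha1(USERNAME, REALM, PASSWORD))   # real client, knows the password
    forged = respond(hashed_row["ha1"])                     # attacker, knows only the leaked HA1
    bad = respond(calc_ha1(USERNAME, REALM, "wrong-guess"))

    return {
        "plain_row_accepts": verify(plain_row, CHALLENGE, good),
        "hashed_row_accepts": verify(hashed_row, CHALLENGE, good),
        "leaked_ha1_accepts": verify(hashed_row, CHALLENGE, forged),
        "wrong_password_rejected": not verify(plain_row, CHALLENGE, bad),
        # HA1 is bound to the realm, so a leaked hash does not transfer to
        # another realm or system unless the password itself is cracked.
        "other_realm_ha1_differs":
            calc_ha1(USERNAME, "voip.example.net", PASSWORD) != hashed_row["ha1"],
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Running `demo()` shows all five checks true: the forged response built from the leaked HA1 is byte-for-byte the one a legitimate client sends, so a hashed `ha1` column protects only reuse of the password elsewhere (and only until the MD5 is cracked), not the SIP account itself. That is the gap TLS client certificates close, since a private key on the device never leaves it and nothing equivalent sits in the subscriber table.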