The sip-implementors list at Columbia.edu would be more appropriate for this question. Why not look in ser auth module code? And yes, the algorithm is the same as http digest. g-)

Holger Kinkelin wrote:

Hello list!

I wonder how a UAC calculates the response to a 401 "Unauthorized" message from a server.

I know that it works much like http digest authentication, but it's not exactely the same, since I do NOT have the Quality of Protection (qop) value. (Or am I wrong? My assumption is based on the fact that I don't see a qop-value in the REGISTER message my kphone sends after the 401)

I've written some piece of code that is (in pseudo code) like that:

HA1 = md5(username + ":" + realm + ":" + password) HA2 = md5(digestURI) response = md5(HA1 + ":" + nonce + ":" + recCounter + ":" + cNonce + ":" + qualOfProt + ":" + HA2)

username = "1000" realm = "192.168.0.31" password = "1000" digestURI = "sip:192.168.0.31" <--- IS THIS CORRECT?? Or is it s.th like "REGISTER sip: ..."? nonce = "4520e111333a24d8c4f3d20c6171cc37dfa2be33" recCounter = "00000001" cNonce = "abcdefghi" qualOfProt IS MISSING!

I know that my code is working for "normal" http digest authentication but not for "sip digest authentication". So what am I doing wrong?

Thanks for replies in advance! Regards, Holger _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers