11 Nov
2017
11 Nov
'17
3:11 a.m.
Hello,
I did some searches online and talked to some colleagues and it seems
Kamailio only supports the traditional HTTP digest authentication, which
uses MD5. I would like to know if any of you has been successful in using
bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been deemed
as obsolete and insecure a long time ago. Perhaps you've written your own
auth module, or just modified the config script to call some other
credential checking routine using a custom python/perl script (I'm thinking
of doing the latter, of nothing better is available).
If any of you have done something like this, using bcrypt or any other
current and secure hashing algorithm, I would appreciate some guidance. If
you haven't, aren't you concerned about storing MD5 password hashes in your
database?
Note: if I can't find a good answer using this list, I will try the
developer's list next.
Thanks in advance,
Martín.
11 Nov
11 Nov
1:15 p.m.
Hello,
latest kamailio versions support also SHA256 algorithm:
-
https://www.kamailio.org/docs/modules/stable/modules/auth.html#idp36720604
However, the main blocker in suing a different hashing algorithm are the
sip client devices (mainly hardphones), which implement only MD5. If you
implement your own client app, then you can extend kamailio to support
whatever hashing you do in the client.
Then, of course you can use client side tls certificates for
authentication, which should be better than any hashing algorithm.
Cheers,
Daniel
On 11.11.17 01:11, Walter Martín Villalba wrote:
Hello,
I did some searches online and talked to some colleagues and it seems
Kamailio only supports the traditional HTTP digest authentication,
which uses MD5. I would like to know if any of you has been successful
in using bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which
has been deemed as obsolete and insecure a long time ago. Perhaps
you've written your own auth module, or just modified the config
script to call some other credential checking routine using a custom
python/perl script (I'm thinking of doing the latter, of nothing
better is available).
If any of you have done something like this, using bcrypt or any other
current and secure hashing algorithm, I would appreciate some
guidance. If you haven't, aren't you concerned about storing MD5
password hashes in your database?
Note: if I can't find a good answer using this list, I will try the
developer's list next.
Thanks in advance,
Martín.
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
Kamailio World Conference - www.kamailioworld.com
6:49 p.m.
Do you know of any mainstream SIP UACs which support anything other than standard MD5
digest auth?
On November 10, 2017 7:11:26 PM EST, "Walter Martín Villalba"
<wvillalba(a)gmail.com> wrote:
Hello,
I did some searches online and talked to some colleagues and it seems
Kamailio only supports the traditional HTTP digest authentication,
which
uses MD5. I would like to know if any of you has been successful in
using
bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been
deemed
as obsolete and insecure a long time ago. Perhaps you've written your
own
auth module, or just modified the config script to call some other
credential checking routine using a custom python/perl script (I'm
thinking
of doing the latter, of nothing better is available).
If any of you have done something like this, using bcrypt or any other
current and secure hashing algorithm, I would appreciate some guidance.
If
you haven't, aren't you concerned about storing MD5 password hashes in
your
database?
Note: if I can't find a good answer using this list, I will try the
developer's list next.
Thanks in advance,
Martín.
-- Alex
--
Sent via mobile, please forgive typos and brevity.
12 Nov
12 Nov
12:33 p.m.
You can realize any of auth methods by yourself and include it via config
file/kemi on lua/by adding module
forexample I added SSO auth without any troubles instead of basid MD5 for
some projects.
2017-11-11 18:49 GMT+03:00 Alex Balashov <abalashov(a)evaristesys.com>om>:
Do you know of any mainstream SIP UACs which support
anything other than
standard MD5 digest auth?
On November 10, 2017 7:11:26 PM EST, "Walter Martín Villalba" <
wvillalba(a)gmail.com> wrote:
Hello,
I did some searches online and talked to some colleagues and it seems
Kamailio only supports the traditional HTTP digest authentication,
which
uses MD5. I would like to know if any of you has been successful in
using
bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been
deemed
as obsolete and insecure a long time ago. Perhaps you've written your
own
auth module, or just modified the config script to call some other
credential checking routine using a custom python/perl script (I'm
thinking
of doing the latter, of nothing better is available).
If any of you have done something like this, using bcrypt or any other
current and secure hashing algorithm, I would appreciate some guidance.
If
you haven't, aren't you concerned about storing MD5 password hashes in
your
database?
Note: if I can't find a good answer using this list, I will try the
developer's list next.
Thanks in advance,
Martín.
-- Alex
--
Sent via mobile, please forgive typos and brevity.
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
13 Nov
13 Nov
11:22 a.m.
On 12.11.17 10:33, Yuriy Gorlichenko wrote:
You can realize any of auth methods by yourself and
include it via
config file/kemi on lua/by adding module
forexample I added SSO auth without any troubles instead of basid MD5
for some projects.
Out of curiosity, what do you refer by SSO?
Cheers,
Daniel
2017-11-11 18:49 GMT+03:00 Alex Balashov <abalashov(a)evaristesys.com
<mailto:abalashov@evaristesys.com>>:
Do you know of any mainstream SIP UACs which support anything
other than standard MD5 digest auth?
On November 10, 2017 7:11:26 PM EST, "Walter Martín Villalba"
<wvillalba(a)gmail.com <mailto:wvillalba@gmail.com>> wrote:
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
Kamailio World Conference - www.kamailioworld.com
Hello,
I did some searches online and talked to some colleagues and it seems
Kamailio only supports the traditional HTTP digest authentication,
which
uses MD5. I would like to know if any of you has been successful in
using
bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been
deemed
as obsolete and insecure a long time ago. Perhaps you've written your
own
auth module, or just modified the config script to call some other
credential checking routine using a custom python/perl script (I'm
thinking
of doing the latter, of nothing better is available).
If any of you have done something like this, using bcrypt or any
other
current and secure hashing algorithm, I would
appreciate some
guidance.
If
you haven't, aren't you concerned about storing MD5 password
hashes in
your
database?
Note: if I can't find a good answer using this list, I will try the
developer's list next.
Thanks in advance,
Martín.
-- Alex
--
Sent via mobile, please forgive typos and brevity.
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
<https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
12:40 p.m.
Hi Daniel
Some Single Sign On system.
for example in the system that has multiple services but all works via one
auth service by token for example.
So in this case i changed standart-auth-SIP scheme to the token-based-auth
scheme.
Offcource it is not for mainstream clients software.
2017-11-13 11:22 GMT+03:00 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:
On 12.11.17 10:33, Yuriy Gorlichenko wrote:
You can realize any of auth methods by yourself and include it via config
file/kemi on lua/by adding module
forexample I added SSO auth without any troubles instead of basid MD5 for
some projects.
Out of curiosity, what do you refer by SSO?
Cheers,
Daniel
2017-11-11 18:49 GMT+03:00 Alex Balashov <abalashov(a)evaristesys.com>om>:
Do you know of any mainstream SIP UACs which
support anything other than
standard MD5 digest auth?
On November 10, 2017 7:11:26 PM EST, "Walter Martín Villalba" <
wvillalba(a)gmail.com> wrote:
_______________________________________________
Kamailio (SER) - Users Mailing
Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierlawww.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
Kamailio World Conference - www.kamailioworld.com
Hello,
I did some searches online and talked to some colleagues and it seems
Kamailio only supports the traditional HTTP digest authentication,
which
uses MD5. I would like to know if any of you has been successful in
using
bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been
deemed
as obsolete and insecure a long time ago. Perhaps you've written your
own
auth module, or just modified the config script to call some other
credential checking routine using a custom python/perl script (I'm
thinking
of doing the latter, of nothing better is available).
If any of you have done something like this, using bcrypt or any other
current and secure hashing algorithm, I would appreciate some guidance.
If
you haven't, aren't you concerned about storing MD5 password hashes in
your
database?
Note: if I can't find a good answer using this list, I will try the
developer's list next.
Thanks in advance,
Martín.
-- Alex
--
Sent via mobile, please forgive typos and brevity.
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
2572
days inactive
2574
days old
5 comments
4 participants
participants (4)
-
Alex Balashov -
Daniel-Constantin Mierla -
Walter Martín Villalba -
Yuriy Gorlichenko