8 Nov
2004
8 Nov
'04
7:35 p.m.
Hello List.
I have a question regarding to the User and Password configured in a
UA. In which part of all the authentication process the password is used by
SER? If i have Radius for authenticate users, this password is "encrypted"
in the nonce parameter? If so, what prevent for some attacker to
"intercept" this packet and obtain this values?.
Thanks in advance
Ricardo Martinez
8 Nov
8 Nov
9:10 p.m.
Hi Ricardo,
in Digest Authentication (via mysql or radius) the password is never
sent out on network. The nounce is a challenge (random data) sent by
server. The client will do some MD5 over this nounce and the passwd
(and more info) and send the result back to server which will do the
similar computation. The result must match for a valid authentication.
Best regards,
Marian
Ricardo Martinez wrote:
Hello List.
I have a question regarding to the User and Password configured in a
UA. In which part of all the authentication process the password is used by
SER? If i have Radius for authenticate users, this password is "encrypted"
in the nonce parameter? If so, what prevent for some attacker to
"intercept" this packet and obtain this values?.
Thanks in advance
Ricardo Martinez
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Voice Sistem
http://www.voice-sistem.ro
7321
days inactive
7321
days old
1 comments
2 participants
participants (2)
-
Marian Dumitru -
Ricardo Martinez