Right...The config file itself is encrypted so if you capture the downlaod and can crack the RC4 algorithm then you are in.
The SIP authentication itself is just an MD5 hash of the password. If it is a short password you can try to brute force your way into cracking it. But if it is a long one (the parameter allows up to 31 alphanumeric characters) then its probably not practical. Ricardo http://www.telesip.net ----- Original Message ----- From: "Mark Spencer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 31, 2003 1:12 PM Subject: Re: [Asterisk-Users] Vonage > > There is no way for you to know the vonage password associated with your > > account. Even if you sniff out the tftp download, its encrypted. > > Clearly there must be a way to decrypt it back to plaintext, however, > since SIP uses a chap-style MD5 scheme, which requires knowing original > password at both ends. > > Mark > > _______________________________________________ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
