On Mon, Nov 27, 2006 at 05:12:19PM -0800, jezzzz . wrote:
> Thanks for the response Tzafrir. I meant
> voicemail.conf for the passwords of course - my
> mistake. Trying to ensure that if voicemail.conf is
> opened by an attacker that all the passwords are not
> readily available. By hashing them or encrypting them
> in a DB it's going to be much harder for an attacker
> to obtain access to the passwords.
>
> The only way to encrypt the sending of passwords to
> the voicemail is by using SIP-TLS?
Those are two conflicting goals. If you only save a hash of the
passowrd, as in /etc/shadow, you cannot reproduce the original password
from it in order to calculate "similar" hashes for chalange-and-response
authentication.
So do you want to protect from an eves-dropper or from a local attacker?
Anyway, at the current state of afairs, you get basically nothing.
> (which is not yet
> in production stage?).
If we leave development issues aside and look at things you can use now:
use stunnel to provide SSL/TLS support for it?
--
Tzafrir Cohen
icq#16849755 jabber:[EMAIL PROTECTED]
+972-50-7952406 mailto:[EMAIL PROTECTED]
http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
