On Aug 20, 2008, at 12:34 PM, Igor Hernandez wrote: > Hey SIP, > > I understand what you're saying but keeping the key in memory > permanently doesn't protect you for very long, it just makes the > attacker waste a bit more time scanning the memory to get at the key. > > In other words, if the key is available to asterisk it will be > available > to anyone else in the system with sufficient privileges. >
Assume I'm using a FIPS 140-2 Level 4 HSM, now, how can I protect my passwords when they are in the database? -- Eric Chamberlain Founder RF.com http://RF.com/ _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
