How about encrypt the whole hard drive?
If I built a server and give to other people, there is no easy way to
stop them reset the root password or just mount my drive to read
everything on it. But if build an encrypt OS then it will be secure. My
question here are: <1>Is this against Asterisk GPL? <2>How about the
performance on such a system?
*Jian*
On 11-02-15 04:50 AM, Tzafrir Cohen wrote:
On Tue, Feb 15, 2011 at 07:18:08AM -0500, Richard Kenner wrote:
Anyway, the answer is: No, it's mathematically impossible to do
that. Even if the passwords were stored encrypted, Asterisk itself
has to be able to get the plaintext passwords to send to the remote
server; so the code to decrypt them must necessarily be located on
the machine. And the Source Code to Asterisk is readily available,
which is how come you were able to benefit from it, so it would be
trivial to extract the passwords in any case.
But there IS a way to improve things, and it's what Cisco routers do.
You can have all password stored in config file encrypted with a
single master key. That key is stored in a special file, containing
just that key. THAT file must then be heavily-protected, but all
OTHER config files can now be placed into CM or anywhere else they
might be needed.
Right. But it really won't help much (except complicating things) if the
user has decent access to Asterisk.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
