On Tue, Feb 15, 2011 at 11:51:26PM +0100, Hans Witvliet wrote:
> On Tue, 2011-02-15 at 07:18 -0500, Richard Kenner wrote:
> > > Anyway, the answer is: No, it's mathematically impossible to do
> > > that. Even if the passwords were stored encrypted, Asterisk itself
> > > has to be able to get the plaintext passwords to send to the remote
> > > server; so the code to decrypt them must necessarily be located on
> > > the machine. And the Source Code to Asterisk is readily available,
> > > which is how come you were able to benefit from it, so it would be
> > > trivial to extract the passwords in any case.
> >
> > But there IS a way to improve things, and it's what Cisco routers do.
> > You can have all password stored in config file encrypted with a
> > single master key. That key is stored in a special file, containing
> > just that key. THAT file must then be heavily-protected, but all
> > OTHER config files can now be placed into CM or anywhere else they
> > might be needed.
> >
> >
> > --
>
> sounds like asymetric cryptography ....
Well, it does not have to be. As I mentioned, this can already be
implemented today, with #exec. And technically there's no requirement
for it to use asymetric cryptography.
(Now, what happens if you ever have to replace the key? The old content
from the version control becomes unusable. And of course you can't keep
the key in version-control)
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.co...@xorcom.com
+972-50-7952406 mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
