Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-11-02 Thread Motty
Thank you very much Dave, _Motty On 10/31/2015 10:47 AM, Dave Platt wrote: Thanks Jeff, just to confirm, passwords are not sent in plain text? I want to safeguard against man in the middle attacks, sniffing traffic of clients. That's correct. The way it works is: - Both the client, and

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-31 Thread Dave Platt
> Thanks Jeff, just to confirm, passwords are not sent in plain text? I > want to safeguard against man in the middle attacks, sniffing traffic of > clients. That's correct. The way it works is: - Both the client, and Asterisk, know what the password is. - The client sends a SIP message

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-30 Thread Jeff LaCoursiere
On 10/29/2015 04:01 PM, Motty wrote: On 10/29/2015 01:11 PM, Jeff LaCoursiere wrote: On 10/28/2015 06:37 PM, Pete Mundy wrote: Hi Motty, Isn't the whole point of the nonce in a SIP registration to ensure the secret doesn't go on the wire in plain-text? Is this not enough, or are you

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-30 Thread Motty
Thanks Jeff, just to confirm, passwords are not sent in plain text? I want to safeguard against man in the middle attacks, sniffing traffic of clients. Thanks, _motty On 10/30/2015 07:37 AM, Jeff LaCoursiere wrote: On 10/29/2015 04:01 PM, Motty wrote: On 10/29/2015 01:11 PM, Jeff

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-29 Thread Jeff LaCoursiere
On 10/28/2015 06:37 PM, Pete Mundy wrote: Hi Motty, Isn't the whole point of the nonce in a SIP registration to ensure the secret doesn't go on the wire in plain-text? Is this not enough, or are you looking to hide the username too? (if so, fair 'nuf, just wondering why :) Pete Ps, if so

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-29 Thread Motty
Thanks Jeff, I don't want SIP over TLS. I would like to encrypt password only, I suppose over TLS. Thanks, _motty On 10/29/2015 01:11 PM, Jeff LaCoursiere wrote: On 10/28/2015 06:37 PM, Pete Mundy wrote: Hi Motty, Isn't the whole point of the nonce in a SIP registration to ensure the

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-29 Thread Ishfaq Malik
On 28 October 2015 at 22:54, Motty wrote: > Hello, > I am searching for a solution to encrypt authentication from Asterisk > server to clients. Searching srtp seem to encrypt traffic, I just want > client authentication with encryption. Can someone point to the right >

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-29 Thread jrees
Hello, Thank you for your email. I am currently out of the office and will return on Tuesday 3rd November 2015. Whilst I will periodically be checking my emails, your email has been forwarded to i...@gmlnt.com. If your query is urgent then please contact 01255 851 999 and press option 2 to speak

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-29 Thread Pete Mundy
Motty, Isn't this why digest authentication (i.e. the nonce[1]) is part of the standard SIP auth handshake? I.e., why do you think the password is not already encrypted? Pete [1] https://andrewjprokop.wordpress.com/2015/01/27/understanding-sip-authentication/ (paragraph starting 'Take a look at

[asterisk-users] Asterisk encrypted authentication for clients

2015-10-28 Thread Motty
Hello, I am searching for a solution to encrypt authentication from Asterisk server to clients. Searching srtp seem to encrypt traffic, I just want client authentication with encryption. Can someone point to the right direction? Has anybody used ZRTP? Experience with ZRTP? Thanks, _motty --

Re: [asterisk-users] Asterisk encrypted authentication for clients

2015-10-28 Thread Pete Mundy
Hi Motty, Isn't the whole point of the nonce in a SIP registration to ensure the secret doesn't go on the wire in plain-text? Is this not enough, or are you looking to hide the username too? (if so, fair 'nuf, just wondering why :) Pete Ps, if so then I think TLS is the missing part of your