Another question is whether an attacker can create special nonces for one or more challenges it sends, that will help it figure out the password. For example, can they help a rainbow-table type of password cracking, and how much can the cnonce prevent that?
-hadriel

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Jan
> Janak
> Sent: Saturday, March 07, 2009 2:09 PM
>
> On 05-03 14:31, Theo Zourzouvillys wrote:
> > However, you don't cover the more interesting cases of multi-hop proxy
> > authentication or end-to-end WWW authentication: these are the harder
> > ones to deal with, and may result in some "real" issues in SIP itself
> > rather than shoddy implementations and insecure proxies.
>
> Yes, after reading the discussion here I agree, perhaps the next revision of
> the ID (if there is going to be any) should describe more difficult cases,
> such as multi-hop authentication and challenging proxies reachable through one
> common proxy. These are much harder cases to deal with.
>
> Jan.
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use [email protected] for questions on current sip
> Use [email protected] for new developments on the application of sip
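
An added example, not part of the original message: the RFC 2617 digest computation that SIP uses, showing that without qop no client-chosen value enters the hash, while with qop=auth a fresh cnonce changes the response even when the challenger repeats its nonce. The `answer_challenge` policy and the sample values are assumptions made for illustration.

```python
import hashlib
import secrets


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 request-digest for algorithm=MD5."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        # Legacy form: no client-chosen randomness enters the hash, so for a
        # repeated nonce the response depends only on the password and on
        # values the challenger can see or set.
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    # qop form: nc and cnonce are supplied by the client.
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def answer_challenge(challenge, user, password, method, uri):
    """Hypothetical client policy: only answer challenges that offer qop=auth."""
    offered = {q.strip() for q in challenge.get("qop", "").split(",")}
    if "auth" not in offered:
        raise ValueError("refusing challenge without qop=auth")
    cnonce = secrets.token_hex(16)  # fresh for every response
    nc = "00000001"
    response = digest_response(user, challenge["realm"], password, method, uri,
                               challenge["nonce"], "auth", nc, cnonce)
    return {"qop": "auth", "nc": nc, "cnonce": cnonce, "response": response}


# Constructed sample challenge (not taken from the thread).
SAMPLE = {"realm": "example.test", "nonce": "fixed-by-challenger", "qop": "auth"}

if __name__ == "__main__":
    args = ("alice", "constructed-pw", "REGISTER", "sip:example.test")
    a = answer_challenge(SAMPLE, *args)
    b = answer_challenge(SAMPLE, *args)
    print("same nonce, different responses:", a["response"] != b["response"])
```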
