On Thu, 2006-01-05 at 14:05 +0100, Tomislav Parcina wrote: > In article <[EMAIL PROTECTED]>, trixter@ > 0xdecafbad.com says... > > to add to this, given the state of MD5 and its 'security' or lack > > thereof, its a bit over simplistic to just say md5 without adding that > > its actually 3 md5 hashes... Precomputing is harder (but not > > impossible) because of the way its done. The nonce makes it a little > > harder - although the nonce is known even by an attacker ... > > To make long story short, SIP can be cracked (like evrything else). It > isn't so simple like sniffing the line because data is encripted. I > don't have to put anything extra in my sip.conf (or any other conf file) > or in my softphone for basic security (md5 encription), because all is > "allready there". > > Have I got that right? > >
Yeah pretty much. While SIP can be cracked I would like to emphaise that the benfit to 'work' ratio is such that its not likely that osmeone would even try anything more than a simple dictionary attack so choosing good passwords helps a lot in this regard. -- Trixter http://www.0xdecafbad.com Bret McDanel UK +44 870 340 4605 Germany +49 801 777 555 3402 US +1 360 207 0479 or +1 516 687 5200 FreeWorldDialup: 635378 http://www.sacaug.org/ Sacramento Asterisk Users Group
signature.asc
Description: This is a digitally signed message part
_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users