On 12 May 2006, at 19:21, Me wrote:
Can someone tell me if passwords are sent in plain text when using
IAX?
I have been told already that SIP automatically encrypts the password?
Anyone know of some good Asterisk security links, docs, articles?
Thanks!
There are 4 options (as configured in iax.conf)
no password - access checked on IP address/subnet
plaintext - deprecated, but I think it still works
md5 - password is hashed with a challenge, so it is (relatively)
immune to snooping/replay attacks.
rsa - based on shared private keys (ie the initial key exchange isn't
asterisk's problem)
The MD5 option suits for most purposes.
Tim Panton
[EMAIL PROTECTED]
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
Asterisk-Users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
