Mark,

What about using OpenSSL? It has the "right" license (BSD-like) and has become a bit of a standard.
It will do everything that has been requested, including interfacing with external hardware encryption devices. SSL allows the two ends to "decide" on a cipher much like VOIP phones "decide" on a codec. So people wanting a simple, fast, short-key cipher can choose that and those needing military grade encryption can use that. This all happens inside the library.

I'd advise strongly NOT rolling your own crypto software unless you have a PhD in the subject and access to experts for peer review. Very few non-experts have gotten it right. The hard part is the key management. (A strong lock on your front door with the key hidden under the mat is not so good.)

The RC4 cipher (supplied by OpenSSL) is simple and fast. The media stream is XORed byte by byte with a "key stream" that is just a sequence of pseudo random characters. It is very fast and has only one byte delay (that's 0.125 milliseconds at Asterisk's sample rate). Not bad. RC4 was designed for streaming media and avoids "block at a time" encryption. There is CPU overhead to generate the key stream but near zero delay, assuming the CPU can "keep up".

The API associated with OpenSSL has a bit of a steep learning curve but there ARE experts on the mailing list.

http://www.openssl.org/

--- Mark Spencer <[EMAIL PROTECTED]> wrote:

> > If you're looking for encryption enough to foil casual sniffers why not just
> > use something like DES1 or even straightforward and fast XOR encryption and
> > use a hash of the call ID, trunking messages and rekey with new values
> > every few seconds (let's say with a random sample of the unencrypted audio
> > from the stream) -- the only hard part is verifying that both sides have
> > that particular packet.
>
> I think AES is a good choice since it operates on 16-byte blocks and is
> considered very strong (and of course, I already have an implementation on
> the iaxy). The devil is in the details though, so I'd be interested in
> hearing details. There would need to be support for both a shared-key
> model and for a model where (if RSA authentication is used), the key can
> be negotiated just for the session. How does that sound?
>
> Mark
>
> _______________________________________________
> Asterisk-Users mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-users

=====
Chris Albertson
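
The byte-at-a-time keystream XOR and the key-management point from the message above, as an added example that is not part of the original post and is not OpenSSL's code: a plain-Python RC4 for illustration only (RFC 7465 prohibits RC4 in TLS). The key and the 160-byte frame are constructed sample values.

```python
class RC4Stream:
    """Stateful RC4 keystream generator; encrypt and decrypt are the same XOR."""

    def __init__(self, key: bytes):
        if not 1 <= len(key) <= 256:
            raise ValueError("RC4 key must be 1..256 bytes")
        # Key-scheduling algorithm (KSA): permute 0..255 under the key.
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self._s, self._i, self._j = s, 0, 0

    def process(self, data: bytes) -> bytes:
        """XOR data with the next len(data) keystream bytes (PRGA)."""
        s, i, j = self._s, self._i, self._j
        out = bytearray()
        for byte in data:
            i = (i + 1) & 0xFF
            j = (j + s[i]) & 0xFF
            s[i], s[j] = s[j], s[i]
            out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
        self._i, self._j = i, j
        return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def demo():
    key = b"constructed-session-key"   # constructed sample key
    frame = bytes(range(160))          # constructed 20 ms frame at 8 kHz
    bulk = RC4Stream(key).process(frame)
    # Feeding one byte at a time gives the same ciphertext: no block buffering.
    tx = RC4Stream(key)
    streamed = b"".join(tx.process(frame[n:n + 1]) for n in range(len(frame)))
    # The receiver regenerates the same keystream and XORs again to decrypt.
    recovered = RC4Stream(key).process(streamed)
    # Key management: a second stream under the SAME key reuses the keystream,
    # so ciphertext XOR ciphertext equals plaintext XOR plaintext.
    other = bytes(reversed(frame))
    leak = xor_bytes(bulk, RC4Stream(key).process(other))
    return bulk == streamed, recovered == frame, leak == xor_bytes(frame, other)


if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is why each call needs its own session key: with a shared static key, two captured streams cancel the keystream out.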
