----- "Rizwan Hisham" <[EMAIL PROTECTED]> wrote:
> WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="584760da"
> Authorization: Digest username="bernart48", realm="asterisk", algorithm=MD5,
> uri="sip:[EMAIL PROTECTED]:9060", nonce="584760da",
> response="948d3923bf2df47eca17c572713af2c7", opaque=""
> What I don't know, and would very much like to know, is what is the
> purpose of this parameter in SIP packets?
It's a kind of challenge algorithm. What you see in "response" is not
MD5(password), but MD5('password', 'realm', ..., 'nonce'). The nonce is generated
by the server so that you don't get the same hash for every authorization by
that user. It prevents someone who can see only one-way communication from
breaking your SIP session and makes breaking the hash a little bit harder.
The nonce should be unique per authorization.
If the nonce wasn't used, you could reuse the same response in the next connection even
if you don't know the real password.