On Wed, Aug 20, 2008 at 02:20:50PM -0400, SIP wrote:
> Tzafrir Cohen wrote:
> > On Wed, Aug 20, 2008 at 10:00:55AM -0700, Eric Chamberlain wrote:
> >
> >> We are exploring using Asterisk for a project and we are looking for a
> >> way to encrypt/decrypt the peer passwords stored in the realtime
> >> database (postrges).
> >>
> >> Ideally, we want to use a public key to encrypt the passwords before
> >> they go into the database and have Asterisk use a private key to
> >> decrypt the password as part of the call out process.
> >>
> >> Has anyone developed something like this?
> >>
> >
> > What is the point in that? What threats does it help you to mitigate?
> >
> >
> It helps you mitigate an incredible amount of headache if someone hacks
> in and gains access to your DB. The user accounts are still rather
> secure -- at least long enough to inform your users to change their
> passwords.
So those passwords are used elsewhere?
In that case, look into md5secret. That is: store a digest of the
password (and a few more bits) on the DB.
--
Tzafrir Cohen
icq#16849755 jabber:[EMAIL PROTECTED]
+972-50-7952406 mailto:[EMAIL PROTECTED]
http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
AstriCon 2008 - September 22 - 25 Phoenix, Arizona
Register Now: http://www.astricon.net
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
