On Aug 20, 2008, at 10:19 AM, Tzafrir Cohen wrote:

> On Wed, Aug 20, 2008 at 10:00:55AM -0700, Eric Chamberlain wrote:
>> We are exploring using Asterisk for a project and we are looking for a
>> way to encrypt/decrypt the peer passwords stored in the realtime
>> database (postgres).
>>
>> Ideally, we want to use a public key to encrypt the passwords before
>> they go into the database and have Asterisk use a private key to
>> decrypt the password as part of the call out process.
>>
>> Has anyone developed something like this?
>
> What is the point in that? What threats does it help you to mitigate?

Passwords are added/changed on a web front-end and stored in a database. We want to limit exposure to the Asterisk boxes; we don't want compromises of the web front-end or database to result in revealing passwords. These passwords are used to authenticate with other SIP systems, so storing an MD5 hash wouldn't work, hence the need to encrypt and decrypt.

--
Eric Chamberlain
Founder
RF.com
http://RF.com/
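
The split described in this message (public key on the web front-end, private key only on the Asterisk host) can be sketched with the `openssl` command line. This is an added example, not part of the original thread and not an Asterisk feature; the function names, file names and the sample secret are assumptions, and how Asterisk would call the decrypt step is not covered by the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function and file names are assumptions.
set -eu

# Asterisk host, one time: create the key pair. Only peer_secret.pub is copied
# to the web front-end; peer_secret.key never leaves this host.
gen_keypair() {  # $1 = key directory
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/peer_secret.key" 2>/dev/null
    chmod 600 "$1/peer_secret.key"
    openssl pkey -in "$1/peer_secret.key" -pubout -out "$1/peer_secret.pub"
}

# Web front-end: RSA-OAEP encrypt the SIP secret, base64 it for a text column.
encrypt_secret() {  # $1 = public key file, $2 = plaintext secret
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 |
        openssl base64
}

# Asterisk host: recover the secret just before it is needed for SIP auth.
decrypt_secret() {  # $1 = private key file, $2 = base64 ciphertext from the DB
    printf '%s\n' "$2" | openssl base64 -d |
        openssl pkeyutl -decrypt -inkey "$1" \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}

# Demo with a constructed secret and a throwaway key directory.
demo() {
    dir=$(mktemp -d)
    gen_keypair "$dir"
    row=$(encrypt_secret "$dir/peer_secret.pub" 'constructed-sip-secret')
    printf 'stored in DB:\n%s\n' "$row"
    printf 'recovered on Asterisk host: %s\n' \
        "$(decrypt_secret "$dir/peer_secret.key" "$row")"
    rm -rf "$dir"
}
demo
```

A host that holds only `peer_secret.pub` and the database rows cannot run the decrypt step, and because OAEP padding is randomized, two peers with the same password get different ciphertexts.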
