Hey Eric, That I really have no experience with. Never really played with security modules. Although someone more experienced should be able to chime in.
Eric Chamberlain wrote: > On Aug 20, 2008, at 12:34 PM, Igor Hernandez wrote: > >> Hey SIP, >> >> I understand what you're saying but keeping the key in memory >> permanently doesn't protect you for very long, it just makes the >> attacker waste a bit more time scanning the memory to get at the key. >> >> In other words, if the key is available to asterisk it will be >> available >> to anyone else in the system with sufficient privileges. >> > > Assume I'm using a FIPS 140-2 Level 4 HSM, now, how can I protect my > passwords when they are in the database? > > -- > Eric Chamberlain > Founder > RF.com > http://RF.com/ > > > > > > > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > AstriCon 2008 - September 22 - 25 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- Igor Hernandez Escape Communications http://www.escapetel.com _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
