On Sun, Jun 13, 2010 at 10:59:43AM -0700, Dave Platt wrote:
> The O.P. seems to have made two (fairly common) mistakes:
[snip]
> - Used the user's extension number as the SIP user ID... and
> thus making it easy to figure out which user IDs on which a
> password attack could be carried out.

Sadly this is something that FreePBX (and probably other systems) forces
you to do.

One other minor nit:

> One of your best tools is a program or script to generate
> random sequences of letters and digits and other legal-
> in-SIP-names characters. Try something like
>
> dd if=/dev/urandom bs=512 count=1 | base64
>
> and then copy some 10- or 12-character substrings out of this
> mass of gibberish and use 'em for SIP secrets. With this many
> bits of randomness in the secrets, they'll be effectively
> invulnerable to guessing or brute force attacks.

Ahem. If you only want that many characters, just get fewer random bits.
This will get you 128 (16 * 8) [pseudo?]random bits:

  head -c 16 /dev/urandom | base64

--
Tzafrir Cohen
icq#16849755 jabber:[email protected]
+972-50-7952406 mailto:[email protected]
http://www.xorcom.com iax:[email protected]/tzafrir
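
Added example, not part of the original message: a shell helper that reads only as many bytes from /dev/urandom as a secret of the requested length needs, so nothing has to be cut out of a larger dump by hand. The function names `sip_secret` and `secret_bits` are hypothetical, and mapping `+` and `/` to `-` and `_` is an assumption made to keep the secret free of characters that may need quoting in a config file.

```shell
#!/bin/sh
# Added example (not from the thread): fixed-length SIP secrets taken
# directly from the kernel CSPRNG. Helper names are hypothetical.

# Print a random secret of exactly $1 characters (default 22).
sip_secret() {
    len=${1:-22}
    case $len in
        ''|0*|*[!0-9]*)
            echo "sip_secret: length must be a positive integer" >&2
            return 2 ;;
    esac
    # 3 random bytes encode to 4 base64 characters. Reading a whole
    # number of 3-byte groups means no '=' padding appears and every
    # output character carries a full 6 random bits.
    nbytes=$(( (len + 3) / 4 * 3 ))
    head -c "$nbytes" /dev/urandom |
        base64 |
        tr -d '\n' |          # base64 wraps long output; undo that
        tr '/+' '_-' |        # assumed-safe alphabet: A-Z a-z 0-9 _ -
        cut -c "1-$len"
}

# Bits of randomness in a secret of $1 characters drawn from the
# 64-symbol alphabet above (6 bits per character).
secret_bits() {
    echo $(( $1 * 6 ))
}
```

A 12-character secret from this helper carries 72 random bits; 22 characters carry 132, slightly more than the 128 bits produced by the 16-byte command in the message.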
asterisk-users mailing list