On Tue, Feb 15, 2011 at 07:18:08AM -0500, Richard Kenner wrote:
> > Anyway, the answer is: No, it's mathematically impossible to do
> > that. Even if the passwords were stored encrypted, Asterisk itself
> > has to be able to get the plaintext passwords to send to the remote
> > server; so the code to decrypt them must necessarily be located on
> > the machine. And the Source Code to Asterisk is readily available,
> > which is how come you were able to benefit from it, so it would be
> > trivial to extract the passwords in any case.
>
> But there IS a way to improve things, and it's what Cisco routers do.
> You can have all password stored in config file encrypted with a
> single master key. That key is stored in a special file, containing
> just that key. THAT file must then be heavily-protected, but all
> OTHER config files can now be placed into CM or anywhere else they
> might be needed.
Right. But it really won't help much (except complicating things) if the
user has decent access to Asterisk.
--
Tzafrir Cohen
icq#16849755 jabber:[email protected]
+972-50-7952406 mailto:[email protected]
http://www.xorcom.com iax:[email protected]/tzafrir
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
