On 12/02/2011 05:24 PM, asterisk jobs wrote:
I am receiving requests to register to my Asterisk extensions. I have
the full SIP packets. I also do see what extension is being tried to be
registered. Is there ANY WAY to know what password is being attempted?
I think the appropriate term would be decode the base64 response I get
from the client. Here is what I get in the SIP packet from the client:
*
*
*Authorization: Digest username="4456678", realm="asterisk",
nonce="67461340", uri="sip:mailbox",
response="5a9a5f2b527ca9687c8f75705e6a2d25", algorithm=MD5*
Using a base64 decoder I get this:**å¯Zåý›çnÜkÞ¼íÏ ïžôåîšÙݹ from the
"response" above. Of course, that is not the plain password. So, is that
encrypted? How can I can I decrypt it?
As the Authorization header clearly states, this value is created using
an MD5 Digest (hash). Since it is a digest function, it is not
reversible. It is impossible to recover the password that was used
during the calculation of the response value (although given enough time
and CPU resources, it is possible go through a massive list of
possibilities and try each one until you find one that matches).
--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: [email protected] | SIP: [email protected] | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
