Re: [asterisk-users] Hide the plain text password (suggestion)

2011-02-16 Thread Tzafrir Cohen
On Wed, Feb 16, 2011 at 12:01:20AM +0100, Hans Witvliet wrote:
 kept on reading the thread...
 
 Wouldn't it be better, for asterisk at least, to get rid of all this
 identification / authentication stuff?
 Keeping config files holding plain passwords or simple md5 isn't the way
 to solve this...
 
 Within the unix world those issues have been solved over and over again.
 Any chance that in 1.10 or scf we might be using something like pam?

This only helps if someone has to prove the identity to you. Not if you
have to prove to someone else that you know the password. In the latter
case you have to actually know the plain text password, one way or the
other.

(If you don't, then whatever it is you know, is something a remote
attacker can use).

The price for using hashes in Unix is that passwords are sent over
the wire. SASL and other challenge-response authentication algorithms
assume you have a common secret. And thus the server has to know the
plain text password (but it is not sent in clear over the wire).

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [asterisk-users] Hide the plain text password

2011-02-16 Thread Tzafrir Cohen
On Tue, Feb 15, 2011 at 11:51:26PM +0100, Hans Witvliet wrote:
 On Tue, 2011-02-15 at 07:18 -0500, Richard Kenner wrote:
   Anyway, the answer is: No, it's mathematically impossible to do
   that.  Even if the passwords were stored encrypted, Asterisk itself
   has to be able to get the plaintext passwords to send to the remote
   server; so the code to decrypt them must necessarily be located on
   the machine.  And the Source Code to Asterisk is readily available,
   which is how come you were able to benefit from it, so it would be
   trivial to extract the passwords in any case.
  
  But there IS a way to improve things, and it's what Cisco routers do.
  You can have all passwords stored in config files encrypted with a
  single master key.  That key is stored in a special file, containing
  just that key.  THAT file must then be heavily-protected, but all
  OTHER config files can now be placed into CM or anywhere else they
  might be needed.
  
  
  --
 
 sounds like asymmetric cryptography 

Well, it does not have to be. As I mentioned, this can already be
implemented today, with #exec. And technically there's no requirement
for it to use asymmetric cryptography.

(Now, what happens if you ever have to replace the key? The old content
from the version control becomes unusable. And of course you can't keep
the key in version-control)

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir



Re: [asterisk-users] Hide the plain text password

2011-02-16 Thread Kevin P. Fleming

On 02/15/2011 06:08 PM, Jian Gao wrote:

How about encrypting the whole hard drive?

If I built a server and gave it to other people, there is no easy way to
stop them resetting the root password or just mounting my drive to read
everything on it. But if I build an encrypted OS then it will be secure. My
questions here are: 1) Is this against the Asterisk GPL? 2) How about the
performance on such a system?


As long as you are providing the source code for Asterisk to anyone you 
distribute the binaries to, it does not matter how you distribute the 
binaries (encrypted or otherwise).


However, encryption is not going to solve your problem: if the person 
you give the system to will have physical access to the system, then 
they will be able to access the filesystem after it is mounted. The 
passphrase for the filesystem has to be present at boot time for the 
system to be able to boot, so either it will be provided automatically 
or the user will be told what it is. In either case, the encryption 
won't end up protecting anything from the user.


Encrypting filesystems or hard drives is designed to address a totally 
different need... it's for protecting the contents of the hard drive 
from someone who isn't supposed to have access to it, not the system's 
normal user.


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kflem...@digium.com
Check us out at www.digium.com  www.asterisk.org



Re: [asterisk-users] Hide the plain text password

2011-02-16 Thread Benny Amorsen
ken...@gnat.com (Richard Kenner) writes:

 Here's a possible design:

 - There's optionally a file in the config
   directory called master_key.  It contains just a string.

 - A CLI command core encrypt string is added to Asterisk.  It takes the
   provided string, encrypts it using the string in master_key, and outputs
   a string of the form {enc:encrypted_version_of_string}.

 - The config file reader looks for strings of the form {enc:string}:
   and replaces them, before otherwise parsing the line, with the decrypted
   version of the string using the key in the master_key file.

This sounds pretty reasonable, except perhaps that you might only want
to convert strings in password fields -- otherwise you risk false
positives in e.g. the dial plan.

I can recommend contracting with one of the independent Asterisk
developers to get this done. You will likely find them on the
Asterisk-biz-list.


/Benny




Re: [asterisk-users] Hide the plain text password

2011-02-16 Thread Richard Kenner
  - The config file reader looks for strings of the form {enc:string}:
and replaces them, before otherwise parsing the line, with the decrypted
version of the string using the key in the master_key file.
 
 This sounds pretty reasonable, except perhaps that you might only want
 to convert strings in password fields -- otherwise you risk false
 positives in e.g. the dial plan.

I think this works much better if it's purely lexical.  Otherwise, you
have to teach the code what's a password and what's not and maintaining
that is an ongoing issue, so I think a cleaner design would be to pick
some string that's just not going to occur anywhere.

 I can recommend contracting with one of the independent Asterisk
 developers to get this done. You will likely find them on the
 Asterisk-biz-list.

I could easily do it myself if it were something that I personally needed
(except that I'm not sure if two-way encryption routines already exist
in Asterisk), but we don't have enough passwords for this to be an issue.
I was posting the design to address the issues raised by the person who
started the thread.



Re: [asterisk-users] Hide the plain text password

2011-02-16 Thread C F
On Tue, Feb 15, 2011 at 10:31 AM, Danny Nicholas da...@debsinc.com wrote:
 -Original Message-
 From: asterisk-users-boun...@lists.digium.com
 [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of C F
 Sent: Tuesday, February 15, 2011 9:29 AM
 To: Asterisk Users Mailing List - Non-Commercial Discussion
 Subject: Re: [asterisk-users] Hide the plain text password


 Security through obscurity does not work with open source software.


 What a bold statement, are you telling me it works with closed source
 software? :P


I love this, here you go, security through obscurity at its best:
http://www.feplaw.com/news/lawsuit-filed-against-kaba-ilco20110211.cfm



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Richard Kenner
 Anyway, the answer is: No, it's mathematically impossible to do
 that.  Even if the passwords were stored encrypted, Asterisk itself
 has to be able to get the plaintext passwords to send to the remote
 server; so the code to decrypt them must necessarily be located on
 the machine.  And the Source Code to Asterisk is readily available,
 which is how come you were able to benefit from it, so it would be
 trivial to extract the passwords in any case.

But there IS a way to improve things, and it's what Cisco routers do.
You can have all passwords stored in config files encrypted with a
single master key.  That key is stored in a special file, containing
just that key.  THAT file must then be heavily-protected, but all
OTHER config files can now be placed into CM or anywhere else they
might be needed.




Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Kevin P. Fleming

On 02/15/2011 06:18 AM, Richard Kenner wrote:

Anyway, the answer is: No, it's mathematically impossible to do
that.  Even if the passwords were stored encrypted, Asterisk itself
has to be able to get the plaintext passwords to send to the remote
server; so the code to decrypt them must necessarily be located on
the machine.  And the Source Code to Asterisk is readily available,
which is how come you were able to benefit from it, so it would be
trivial to extract the passwords in any case.


But there IS a way to improve things, and it's what Cisco routers do.
You can have all passwords stored in config files encrypted with a
single master key.  That key is stored in a special file, containing
just that key.  THAT file must then be heavily-protected, but all
OTHER config files can now be placed into CM or anywhere else they
might be needed.


How does that improve things? The reason that works with Cisco routers 
is because the code that reads that special key file and uses it to 
decrypt the other files is closed-source; nobody can see how it works.


As another poster said, that's not true for Asterisk. If Asterisk had 
such a facility, the method used to decrypt the protected passwords 
would be publicly available, as would the decryption key (in the special 
key file). Anyone who wanted to decrypt the passwords from the config 
files would have an only slightly more complex route to do so... it 
would still be straightforward.


And before anyone proposes modifying the installed copy of Asterisk to 
use a 'secret' method of decrypting the passwords... keep in mind that 
it is highly likely that everyone involved here is using Asterisk under 
the GPLv2 license, so distributing such a modified copy of Asterisk 
would necessarily include also distributing the modified source code, 
and thus the same problem arises.


Security through obscurity does not work with open source software.

--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kflem...@digium.com
Check us out at www.digium.com  www.asterisk.org



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Tzafrir Cohen
On Tue, Feb 15, 2011 at 07:18:08AM -0500, Richard Kenner wrote:
  Anyway, the answer is: No, it's mathematically impossible to do
  that.  Even if the passwords were stored encrypted, Asterisk itself
  has to be able to get the plaintext passwords to send to the remote
  server; so the code to decrypt them must necessarily be located on
  the machine.  And the Source Code to Asterisk is readily available,
  which is how come you were able to benefit from it, so it would be
  trivial to extract the passwords in any case.
 
 But there IS a way to improve things, and it's what Cisco routers do.
 You can have all passwords stored in config files encrypted with a
 single master key.  That key is stored in a special file, containing
 just that key.  THAT file must then be heavily-protected, but all
 OTHER config files can now be placed into CM or anywhere else they
 might be needed.

Right. But it really won't help much (except complicating things) if the
user has decent access to Asterisk.

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Richard Kenner
 How does that improve things? The reason that works with Cisco routers 
 is because the code that reads that special key file and uses it to 
 decrypt the other files is closed-source; nobody can see how it works.

 As another poster said, that's not true for Asterisk. If Asterisk had 
 such a facility, the method used to decrypt the protected passwords 
 would be publicly available, as would the decryption key (in the special 
 key file). Anyone who wanted to decrypt the passwords from the config 
 files would have an only slightly more complex route to do so... it 
 would still be straightforward.

Please reread what I wrote.  The encryption key for the passwords
wouldn't be in Asterisk sources, but selected BY THE USER and stored
in a SINGLE configuration file that contains just that password.  This
is what Cisco does.

That way, the rest of the config files, which you might want to put in
a CM system, need not be protected.



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Richard Kenner
 Right. But it really won't help much (except complicating things) if the
 user has decent access to Asterisk.

Yes, but we're talking about cases where the user *doesn't* have access
to Asterisk.  At many locations, including mine, Asterisk runs on a
machine dedicated for that purpose and only people administering it have
access to that machine.  But config files are placed in a CM system which
MANY more people have access to.  Having plaintext passwords in those
files is a real problem.




Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Tzafrir Cohen
On Tue, Feb 15, 2011 at 07:54:54AM -0500, Richard Kenner wrote:
  Right. But it really won't help much (except complicating things) if the
  user has decent access to Asterisk.
 
 Yes, but we're talking about cases where the user *doesn't* have access
 to Asterisk.  At many locations, including mine, Asterisk runs on a
 machine dedicated for that purpose and only people administering it have
 access to that machine.  But config files are placed in a CM system which
 MANY more people have access to.  Having plaintext passwords in those
 files is a real problem.

In this case:

#include the password (a file with the line 'secret=') from a local file on
the file system. The user has no access to it, right?

It might as well be a database, a remote URL (CURL), an output of a
script (#exec). Whichever works best for you.

One test for you to consider: are the users able to use the encrypted
configuration item in a different Asterisk system (without your
consent)?

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Richard Kenner
 #include the password (a file with the line 'secret=') from a local file on
 the file system. The user has no access to it, right?

Right, but we're not talking ONE password, but ANY password. Having
dozens of those files, one for each password, gets to be a real pain
really fast.  And you STILL want CM control of password changes even
if you're storing the encrypted versions: you want to be able to go
back to an old password, even if you don't know what it is.

 One test for you to consider: are the users able to use the encrypted
 configuration item in a different Asterisk system (without your
 consent)?

Of course not!  It would be useless if that were the case: the whole
point here would be that you need the master encryption key.

Here's a possible design:

- There's optionally a file in the config
  directory called master_key.  It contains just a string.

- A CLI command core encrypt string is added to Asterisk.  It takes the
  provided string, encrypts it using the string in master_key, and outputs
  a string of the form {enc:encrypted_version_of_string}.

- The config file reader looks for strings of the form {enc:string}:
  and replaces them, before otherwise parsing the line, with the decrypted
  version of the string using the key in the master_key file.
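A worked model of the three-point design above, added here as an example; it is not code from the thread or from Asterisk. The master_key contents, the config lines and the cipher are assumptions of the example: the cipher is a standard-library stand-in (HMAC-SHA256 counter-mode keystream plus an HMAC tag, encrypt-then-MAC) where a real implementation would use an AEAD such as AES-GCM. The substitution is purely lexical, and a token that does not verify (wrong master key on another box, or a false-positive `{enc:...}` in a dialplan) fails loudly instead of silently decrypting to garbage.

```python
"""Lexical {enc:...} substitution with a single operator-managed master key.

Added example, not Asterisk code.  The cipher is a stand-in built from the
standard library and is an assumption of this example; a production version
would use an AEAD such as AES-GCM from a crypto library.
"""
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

TOKEN_RE = re.compile(r"\{enc:([A-Za-z0-9+/=]+)\}")
NONCE_LEN = 16
TAG_LEN = 32


class ConfigDecryptError(ValueError):
    """Raised when an {enc:...} token cannot be decoded or verified."""


def check_key_file_mode(mode: int) -> bool:
    """The master_key file must carry no group/other permission bits."""
    return (mode & 0o077) == 0


def _derive(master_key: bytes, purpose: bytes) -> bytes:
    # Separate encryption and MAC keys, both derived from the one string in master_key.
    return hmac.new(master_key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode over HMAC-SHA256: block i = HMAC(enc_key, nonce || i).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_secret(master_key: bytes, plaintext: str, nonce: Optional[bytes] = None) -> str:
    """What the thread's 'core encrypt' CLI command would print for a secret."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    data = plaintext.encode("utf-8")
    ks = _keystream(_derive(master_key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(_derive(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return "{enc:" + base64.b64encode(nonce + ct + tag).decode("ascii") + "}"


def decrypt_token(master_key: bytes, b64: str) -> str:
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error: a false-positive match fails loudly
        raise ConfigDecryptError(f"not a valid token: {exc}") from exc
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ConfigDecryptError("token too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    # A token produced under another box's master key fails here (constant-time
    # compare): the "usable on a different Asterisk system?" test from the thread.
    if not hmac.compare_digest(expected, tag):
        raise ConfigDecryptError("bad tag: wrong master key or tampered token")
    ks = _keystream(_derive(master_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks)).decode("utf-8")


def substitute_line(master_key: bytes, line: str) -> str:
    """Purely lexical pass over one config line, run before any other parsing."""
    return TOKEN_RE.sub(lambda m: decrypt_token(master_key, m.group(1)), line)


def load_config(master_key: bytes, text: str) -> list[str]:
    return [substitute_line(master_key, ln) for ln in text.splitlines()]


def demo() -> list[str]:
    # Constructed sample; the key would normally be read from the master_key file.
    master_key = b"example-master-key-not-for-real-use"
    token = encrypt_secret(master_key, "trunk-password-123")
    versioned_config = "\n".join([
        "[provider-trunk]",
        "type=peer",
        "host=sip.provider.invalid",
        "secret=" + token,  # only this form goes into the CM system
    ])
    return load_config(master_key, versioned_config)
```

Run `demo()` to see the committed form with `{enc:...}` turned back into the plaintext `secret=` line; changing the master key makes the same token raise `ConfigDecryptError`.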



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Steve Howes
On 15 Feb 2011, at 13:17, Richard Kenner wrote:
 Of course not!  It would be useless if that were the case: the whole
 point here would be that you need the master encryption key.
 
 Here's a possible design:
 
 - There's optionally a file in the config
  directory called master_key.  It contains just a string.
 
 - A CLI command core encrypt string is added to Asterisk.  It takes the
  provided string, encrypts it using the string in master_key, and outputs
  a string of the form {enc:encrypted_version_of_string}.
 
 - The config file reader looks for strings of the form {enc:string}:
  and replaces them, before otherwise parsing the line, with the decrypted
  version of the string using the key in the master_key file.

Let us know when you've made the patch..

S



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Tzafrir Cohen
On Tue, Feb 15, 2011 at 08:17:20AM -0500, Richard Kenner wrote:
  #include the password (a file with the line 'secret=') from a local file on
  the file system. The user has no access to it, right?
 
 Right, but we're not talking ONE password, but ANY password. Having
 dozens of those files, one for each password, gets to be a real pain
 really fast.  And you STILL want CM control of password changes even
 if you're storing the encrypted versions: you want to be able to go
 back to an old password, even if you don't know what it is.

Nope. Don't keep the password in the common version control. This is
security through obscurity. Asterisk has to be able to read it as plain
text, eventually.

You can go the #exec route, keep an encrypted file, and keep the
decryption key somewhere on the file system. If you don't put the
decryption key outside of the version control, what you get is purely
security through obscurity, that is: counting on the user to be forever
dumb.


If you want more than one:

#include path/to/passwords.conf
; Or:
;#exec /usr/local/bin/decrypt_passwords_file

[peer1](password1)
...

[peer2](password2)
...


passwords.conf has:
[password1](!)
secret = 11

[password2](!)
secret = 11

[password3](!)
secret = 11

[password4](!)
secret = 11


And as the Perl saying goes, There Is More Than One Way To Do It.

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread C F

 Security through obscurity does not work with open source software.


What a bold statement, are you telling me it works with closed source
software? :P



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Danny Nicholas
-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of C F
Sent: Tuesday, February 15, 2011 9:29 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Hide the plain text password


 Security through obscurity does not work with open source software.


What a bold statement, are you telling me it works with closed source
software? :P

With closed source they call it obfuscation and there are 50K examples
why that doesn't always work either :)




Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Kevin P. Fleming

On 02/15/2011 09:29 AM, C F wrote:


Security through obscurity does not work with open source software.



What a bold statement, are you telling me it works with closed source
software? :P


Depends on your definition of 'works' I guess :-)

With closed source software, it takes rather longer to figure out a way 
around the obscuring mechanism(s), but if enough people are interested 
in doing so, they will. With open source software, pretty much anyone 
can get around such mechanisms in a short period of time.


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kflem...@digium.com
Check us out at www.digium.com  www.asterisk.org



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Hans Witvliet
On Tue, 2011-02-15 at 07:18 -0500, Richard Kenner wrote:
  Anyway, the answer is: No, it's mathematically impossible to do
  that.  Even if the passwords were stored encrypted, Asterisk itself
  has to be able to get the plaintext passwords to send to the remote
  server; so the code to decrypt them must necessarily be located on
  the machine.  And the Source Code to Asterisk is readily available,
  which is how come you were able to benefit from it, so it would be
  trivial to extract the passwords in any case.
 
 But there IS a way to improve things, and it's what Cisco routers do.
  You can have all passwords stored in config files encrypted with a
 single master key.  That key is stored in a special file, containing
 just that key.  THAT file must then be heavily-protected, but all
 OTHER config files can now be placed into CM or anywhere else they
 might be needed.
 
 
 --

sounds like asymmetric cryptography 



Re: [asterisk-users] Hide the plain text password (suggestion)

2011-02-15 Thread Hans Witvliet
kept on reading the thread...

Wouldn't it be better, for asterisk at least, to get rid of all this
identification / authentication stuff?
Keeping config files holding plain passwords or simple md5 isn't the way
to solve this...

Within the unix world those issues have been solved over and over again.
Any chance that in 1.10 or scf we might be using something like pam?

hw



Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Jian Gao

How about encrypting the whole hard drive?

If I built a server and gave it to other people, there is no easy way to 
stop them resetting the root password or just mounting my drive to read 
everything on it. But if I build an encrypted OS then it will be secure.  My 
questions here are: 1) Is this against the Asterisk GPL? 2) How about the 
performance on such a system?


*Jian*

On 11-02-15 04:50 AM, Tzafrir Cohen wrote:

On Tue, Feb 15, 2011 at 07:18:08AM -0500, Richard Kenner wrote:

Anyway, the answer is: No, it's mathematically impossible to do
that.  Even if the passwords were stored encrypted, Asterisk itself
has to be able to get the plaintext passwords to send to the remote
server; so the code to decrypt them must necessarily be located on
the machine.  And the Source Code to Asterisk is readily available,
which is how come you were able to benefit from it, so it would be
trivial to extract the passwords in any case.

But there IS a way to improve things, and it's what Cisco routers do.
You can have all passwords stored in config files encrypted with a
single master key.  That key is stored in a special file, containing
just that key.  THAT file must then be heavily-protected, but all
OTHER config files can now be placed into CM or anywhere else they
might be needed.

Right. But it really won't help much (except complicating things) if the
user has decent access to Asterisk.


Re: [asterisk-users] Hide the plain text password

2011-02-15 Thread Dave Platt
 How about encrypting the whole hard drive?
 
 If I built a server and gave it to other people, there is no easy way to 
 stop them resetting the root password or just mounting my drive to read 
 everything on it. But if I build an encrypted OS then it will be secure.  

It will be more secure.  However, you (personally) will need to be
present at the server, every time it is powered up, in order to enter
the appropriate decryption key.

You can't place the key in a file on the hard drive, or as part
of the GRUB or LILO boot configuration, or on a USB stick or
floppy, because if you do, the people you give the server to
will have the information they need to break the encryption.
You would have just pushed the problem back by one step.

The only way to keep the encrypted disk (and server) secure,
is to retain physical control of the necessary decryption key.

 My questions here are: 1) Is this against the Asterisk GPL? 

That depends.  If all of the software on the system is under
GPL Version 2 (or the LGPL equivalent), then distributing such
a system would be no different than distributing a system which
didn't encrypt the disk.  Under the terms of the GPL you would
have to provide copies of the source code to the GPL'ed components
to the system upon request, but you would not have to disclose the
key used for a particular installation.

If you include software which was under GPL Version 3, you might
have to disclose the key.  Ask a lawyer about that.

 2) How about the performance on such a system?

Anywhere from poor, to perfectly fine, depending on how much
disk I/O you do, whether a hardware encryption accelerator is
available, and what encryption algorithm you choose.

If your Asterisk implementation isn't doing a lot of
recording and playback of audio files to/from disk, and
it isn't running other applications at the same time, I suspect
you wouldn't notice a really significant difference between
encrypted and unencrypted operation, once the system had
booted up and was running in a steady state.





Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Jeremy Kister

On 2/14/2011 4:36 PM, Jian Gao wrote:

Now in my asterisk config files, there are lines like:
secret=some_password_in_plain_text

Is it possible to hide these plain text passwords?


I think 'md5secret' is what you're looking for.

http://www.voip-info.org/wiki/view/Asterisk+sip+md5secret


--

Jeremy Kister
http://jeremy.kister.net./



Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Kevin P. Fleming

On 02/14/2011 03:36 PM, Jian Gao wrote:

Now in my asterisk config files, there are lines like:
secret=some_password_in_plain_text

Is it possible to hide these plain text passwords?


Who are you hiding them from? Anyone with access to the Asterisk server 
can already do far more damage than extracting these passwords.


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kflem...@digium.com
Check us out at www.digium.com  www.asterisk.org



Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Andrew Latham
On Mon, Feb 14, 2011 at 6:46 PM, Kevin P. Fleming kpflem...@digium.com wrote:
 On 02/14/2011 03:36 PM, Jian Gao wrote:

 Now in my asterisk config files, there are lines like:
 secret=some_password_in_plain_text

 Is it possible to hide these plain text passwords?

 Who are you hiding them from? Anyone with access to the Asterisk server can
 already do far more damage than extracting these passwords.

For change control and configuration management systems there should
be a hide or exclude list that will block the display.

~~~ Andrew lathama Latham lath...@gmail.com ~~~



Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Danny Nicholas
-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jeremy Kister
Sent: Monday, February 14, 2011 3:44 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Hide the plain text password

On 2/14/2011 4:36 PM, Jian Gao wrote:
 Now in my asterisk config files, there are lines like:
 secret=some_password_in_plain_text

 Is it possible to hide these plain text passwords?

I think 'md5secret' is what you're looking for.

http://www.voip-info.org/wiki/view/Asterisk+sip+md5secret


Jeremy Kister
http://jeremy.kister.net./

md5secret will slow down the malicious person OP is/was worried about, but
won't stop them.
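The two posts above (Jeremy's md5secret suggestion and Danny's caveat that it slows an attacker down but does not stop them) come down to one property of SIP Digest authentication. The following is an added example, not code from the thread or from Asterisk; it assumes, as the voip-info page describes, that chan_sip's md5secret is MD5("username:realm:secret") with Asterisk's default realm "asterisk", and that the challenge is the classic RFC 2617 Digest without qop. All peer names, passwords and nonces are constructed sample values.

```python
"""Added example (not from the thread): what chan_sip's md5secret stores,
and why the stored value is still a credential that must be protected.

Assumption: md5secret = MD5("username:realm:secret") (RFC 2617 HA1),
realm defaults to "asterisk"; Digest without qop, as classic SIP uses.
"""
import hashlib
import hmac


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def md5secret(username: str, secret: str, realm: str = "asterisk") -> str:
    """The value to put on the md5secret= line in sip.conf.

    The realm is baked in, so changing realm= in sip.conf invalidates every
    stored md5secret and they all have to be regenerated.
    """
    return md5_hex(f"{username}:{realm}:{secret}")


def client_response(username: str, secret: str, realm: str,
                    method: str, uri: str, nonce: str) -> str:
    """What a phone computes from the plaintext password when it answers
    a 401/407 challenge carrying `nonce`."""
    ha1 = md5_hex(f"{username}:{realm}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verify(stored_md5secret: str, method: str, uri: str,
                  nonce: str, response: str) -> bool:
    """What Asterisk needs to check that response: only the stored hash.

    Because HA1 alone suffices to produce a valid response, an md5secret
    line read out of sip.conf is a usable credential for this server and
    realm, not a harmless fingerprint. It keeps the plaintext (which the
    user may share with other services) off disk; it does not remove the
    need for tight file permissions or for keeping the file out of a
    shared repository.
    """
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_md5secret}:{nonce}:{ha2}")
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample values, not from the thread.
    user, pw, realm = "1001", "correct-horse", "asterisk"
    stored = md5secret(user, pw, realm)  # this is the sip.conf line
    print(f"[{user}]\nmd5secret={stored}")

    nonce = "4f2e1c9a"  # server-chosen challenge value
    method, uri = "REGISTER", "sip:pbx.example.com"
    resp = client_response(user, pw, realm, method, uri, nonce)
    print("valid response accepted:",
          server_verify(stored, method, uri, nonce, resp))
    print("same password, other realm:",
          server_verify(md5secret(user, pw, "other"), method, uri, nonce, resp))
```

Only chan_sip can use this, as Kevin notes further down; every other channel driver needs the plaintext because its protocol's authentication is computed from it.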




Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Jian Gao
I am building a server for a client. I want them to try out the new 
Google Voice feature using my GV account. But I don't want to expose my 
GV's password.



Jian

On 11-02-14 01:46 PM, Kevin P. Fleming wrote:

On 02/14/2011 03:36 PM, Jian Gao wrote:

Now in my asterisk config files, there are lines like:
secret=some_password_in_plain_text

Is it possible to hide these plain text passwords?


Who are you hiding them from? Anyone with access to the Asterisk 
server can already do far more damage than extracting these passwords.



Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Kevin P. Fleming

On 02/14/2011 04:08 PM, Jian Gao wrote:

I am building a server for a client. I want them to try out the new
Google Voice feature using my GV account. But I don't want to expose my
GV's password.


There is no method to obscure a Google Voice password in the config 
file. chan_sip supports obscured passwords using 'md5secret', but all 
other protocols that Asterisk supports need the password in plaintext to 
be able to perform the authentication process required by that protocol.


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kflem...@digium.com
Check us out at www.digium.com  www.asterisk.org



Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Richard Kenner
 Who are you hiding them from? Anyone with access to the Asterisk server 
 can already do far more damage than extracting these passwords.

You may (like we do) want to store config files in a version control system
in a common repository.  People who have access to that repository don't
necessarily have access to the Asterisk server.



Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Leif Madsen

On 11-02-14 05:10 PM, Kevin P. Fleming wrote:

On 02/14/2011 04:08 PM, Jian Gao wrote:

I am building a server for a client. I want them to try out the new
Google Voice feature using my GV account. But I don't want to expose my
GV's password.


There is no method to obscure a Google Voice password in the config file.
chan_sip supports obscured passwords using 'md5secret', but all other protocols
that Asterisk supports need the password in plaintext to be able to perform the
authentication process required by that protocol.


You could use the #exec method to execute a script, where the configuration can 
be generated in any method you want on module load. In that way, you can 
extrapolate the information outside of Asterisk and secure it using any method 
you want.


Leif.
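Leif's #exec approach is also the answer to Richard Kenner's point above about configs kept in a shared version control repository: the tracked file carries only a `#exec` line, and the secrets come from a file that is never committed. The script below is an added example, not Leif's or Asterisk's code. It assumes `execincludes=yes` in asterisk.conf (required for `#exec` to run at all), a line such as `#exec /usr/local/sbin/gen-sip-secrets.py` in the tracked sip.conf (hypothetical path), a secrets file at `/etc/asterisk/private/sip-secrets` (hypothetical path) with one `peer secret` per line, and Asterisk's `[name](+)` syntax for appending to a section defined earlier, so the non-secret peer settings stay in the tracked file. Asterisk reads the script's stdout as configuration, so diagnostics go to stderr and a secrets file readable by group or other causes the script to emit nothing.

```python
#!/usr/bin/env python3
"""Added example (not from the thread or from Asterisk): generator script
for an Asterisk '#exec' include that keeps secrets out of the tracked
sip.conf. Stdout is parsed by Asterisk as config, so errors go to stderr.

Assumptions: execincludes=yes in asterisk.conf; the path below is
hypothetical; the secrets file holds 'peer secret' lines, mode 0600.
"""
import os
import stat
import sys

SECRETS_FILE = "/etc/asterisk/private/sip-secrets"  # hypothetical path


def mode_is_private(mode: int) -> bool:
    """True only if group and other have no permission bits at all."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def parse_secrets(text: str) -> dict:
    """Parse 'peer secret' lines; '#' comments and blank lines are ignored.

    Rejects anything that would break or silently truncate the generated
    config: ';' starts a comment in Asterisk config files, and whitespace
    inside a value is ambiguous to read back.
    """
    secrets = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<peer> <secret>'")
        peer, secret = parts
        if not all(ch.isalnum() or ch in "-_" for ch in peer):
            raise ValueError(f"line {lineno}: bad peer name {peer!r}")
        if ";" in secret or any(ch.isspace() for ch in secret):
            raise ValueError(f"line {lineno}: secret for {peer} contains ';' or whitespace")
        if peer in secrets:
            raise ValueError(f"line {lineno}: duplicate peer {peer}")
        secrets[peer] = secret
    return secrets


def render(secrets: dict) -> str:
    """Emit only the secret lines, appended with [name](+) to peer sections
    that the tracked sip.conf already defines."""
    lines = []
    for peer in sorted(secrets):
        lines.append(f"[{peer}](+)")
        lines.append(f"secret={secrets[peer]}")
        lines.append("")
    return "\n".join(lines)


def main() -> int:
    try:
        st = os.stat(SECRETS_FILE)
        if not mode_is_private(st.st_mode):
            print(f"{SECRETS_FILE}: refusing to read, mode "
                  f"{stat.S_IMODE(st.st_mode):04o} is not private",
                  file=sys.stderr)
            return 1
        with open(SECRETS_FILE, encoding="utf-8") as fh:
            secrets = parse_secrets(fh.read())
    except (OSError, ValueError) as exc:
        print(f"gen-sip-secrets: {exc}", file=sys.stderr)
        return 1
    sys.stdout.write(render(secrets))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Peers whose secret fails to load end up with no secret line at all, which is the safer failure: a peer with no secret refuses Digest authentication rather than accepting a mangled one. The secrets file itself is still plaintext on the box, as Kevin points out, so this moves the secret out of the repository and the change-control view, not out of reach of whoever has root on the server.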




Re: [asterisk-users] Hide the plain text password

2011-02-14 Thread Leif Madsen

On 11-02-14 05:08 PM, Jian Gao wrote:

I am building a server for a client. I want them to try out the new Google Voice
feature using my GV account. But I don't want to expose my GV's password.


Actually in this case, your best bet is just going to be to create a separate 
account where you don't care about exposing the password to the user.


Leif.
