On Sat, 2008-07-19 at 23:33 +0200, Iñaki Baz Castillo wrote: > El Sábado, 19 de Julio de 2008, Scott Lawrence escribió: > > > A 'request replay' is an attempt by an attacker to use the > > authentication from one (legitimate) authenticated request to > > authenticate some other (forged) request. > > Thanks for the explanation. > And how can "nonce count" help here? If the original request has "nc=000001" > and the attacker then set "nc=000002", how can help "nc" here?
Since the nc value is an input to the response hash, the attacker cannot change it without invalidating the hash; without the A1 secret, the attacker cannot generate a correct hash with the new nc value. -- Scott Lawrence tel:+1.781.229.0533;ext=162 or sip:[EMAIL PROTECTED] sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
