Hi Bogdan,

Sorry for the very late reply. I couldn't find any implementation of *EC-SRP* yet.
However, ejabberd implemented Salted Challenge Response Authentication Mechanism *(SCRAM)* <https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism>
This is an interesting model and can be adopted for SIP based services as well.

--
regards,

abdul basit | p: +92 32 1416 4196 | o: +92 30 0841 1445

On Fri, Mar 10, 2017 at 8:29 PM, Bogdan-Andrei Iancu <[email protected]> wrote:

> Hi Abdul,
>
> I see that's a draft, so hard to judge on how far it will get. And
> something like this is not on our roadmap, maybe because of its very, very
> low priority in terms of needs. Do you have any idea if anyone actually
> implemented this?
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> OpenSIPS Summit May 2017 Amsterdam
> http://www.opensips.org/events/Summit-2017Amsterdam.html
>
> On 03/09/2017 12:37 PM, Abdul Basit wrote:
>
> Hi Geeks,
>
> While exploring further I found a draft explaining elliptic curve secure
> remote protocol (*EC-SRP*) for SIP authentication
> https://tools.ietf.org/html/draft-liu-sipcore-ec-srp5-03
>
> This explanation seems to align with my requirement of not storing the password
> in the database.
> UAC and UAS both should support EC-SRP.
>
> Do we have any road-map of OpenSIPS implementing EC-SRP or a similar
> authentication mechanism?
> I will check the same with PJSIP because I couldn't find any traces on
> their forum as well.
>
> --
> regards,
>
> abdul basit
>
>
> On Wed, Mar 8, 2017 at 9:53 PM, Abdul Basit <[email protected]> wrote:
>
>> Hi Bogdan,
>>
>> I am using PJSIP as UAC and OpenSIPS as UAS with radius for AAA.
>> I wanted to avoid getting into the code but let me check the flexibility.
>>
>> Thank you for your reply :)
>>
>> --
>> regards,
>>
>> abdul basit
>>
>> On Wed, Mar 8, 2017 at 1:34 AM, Bogdan-Andrei Iancu <[email protected]> wrote:
>>
>>> Hi Abdul,
>>>
>>> Besides the digest auth, there is no other standard auth mechanism for
>>> SIP, AFAIK.
>>>
>>> If you have control over the SIP UAC, of course, you could try to build
>>> your own auth mechanism - OpenSIPS offers enough flexibility in terms of
>>> both header manipulation and data computing.
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>> OpenSIPS Founder and Developer
>>> http://www.opensips-solutions.com
>>>
>>> OpenSIPS Summit May 2017 Amsterdam
>>> http://www.opensips.org/events/Summit-2017Amsterdam.html
>>>
>>> On 03/07/2017 10:26 AM, Abdul Basit wrote:
>>>
>>> Hi,
>>> I have a scenario where I will create password HASH = SALT + STRING and
>>> save the SALT and resulting HASH only in the DB. I will transport the random STRING
>>> value to my custom SIP application as the password.
>>> Digest authentication does not comply with this requirement. Is there any
>>> supported authentication mechanism that can fulfill this requirement,
>>> or is there any more appropriate authentication mechanism in
>>> opensips/kamailio?
>>> One of the objectives is that in case the DB is compromised, users' passwords
>>> will not be available because the random STRING will not be stored in the DB.
>>> Looking forward to suggestions and comments.
>>> -- regards,
>>> abdul basit
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
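
The SCRAM model mentioned in the thread above, as an added example that is not part of the original messages and is not ejabberd or OpenSIPS code: SCRAM-SHA-256 key derivation and proof checking (RFC 5802 / RFC 7677), where the server record holds only the salt, iteration count, StoredKey and ServerKey. Assumptions: SASLprep normalization and the SASL wire framing are omitted, and the user name, nonces and password are constructed sample values.

```python
import base64, hashlib, hmac, os

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _client_key(password, salt, iterations):
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salted, _hmac(salted, b"Client Key")

def enroll(password, iterations=4096):
    """Build the server-side record; the password itself is never stored."""
    salt = os.urandom(16)
    salted, ckey = _client_key(password, salt, iterations)
    return {"salt": salt, "i": iterations,
            "stored_key": hashlib.sha256(ckey).digest(),
            "server_key": _hmac(salted, b"Server Key")}

def client_proof(password, salt, iterations, auth_message):
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    _, ckey = _client_key(password, salt, iterations)
    stored = hashlib.sha256(ckey).digest()
    return _xor(ckey, _hmac(stored, auth_message))

def server_verify(record, auth_message, proof):
    """Recover ClientKey from the proof and compare H(ClientKey) to StoredKey."""
    recovered = _xor(proof, _hmac(record["stored_key"], auth_message))
    return hmac.compare_digest(hashlib.sha256(recovered).digest(),
                               record["stored_key"])

def make_auth_message(record, user="alice"):
    """Constructed exchange: client-first-bare, server-first, client-final-no-proof."""
    c_nonce = base64.b64encode(os.urandom(18)).decode()
    s_nonce = c_nonce + base64.b64encode(os.urandom(18)).decode()
    salt = base64.b64encode(record["salt"]).decode()
    return (f"n={user},r={c_nonce},r={s_nonce},s={salt},i={record['i']},"
            f"c=biws,r={s_nonce}").encode()

def demo():
    pw = "constructed-sample-password"
    record = enroll(pw)
    msg = make_auth_message(record)
    good = client_proof(pw, record["salt"], record["i"], msg)
    bad = client_proof("wrong-guess", record["salt"], record["i"], msg)
    replay = server_verify(record, make_auth_message(record), good)
    return server_verify(record, msg, good), server_verify(record, msg, bad), replay

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` shows a captured proof being rejected when replayed against a fresh exchange, because the nonces are bound into the AuthMessage.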
