| 00:20.05 | jsmith | blitzrage: So, how's life? I haven't heard much from either you or Jim lately... |
| 00:52.24 | blitzrage | for MD5 secrets, the docs say that both ends still require access to the plaintext password - is that true? And if so, why? I'd think the one end could just generate the MD5 hash and then send it to the other end and never tell them what the password is |
| 00:52.57 | jsmith | I would sure think so... |
| 00:53.27 | jsmith | ... but it all depends on how it has been implemented. |
| 00:53.57 | jsmith | If it's done right, the md5 hash doesn't get transmitted across the wire, or it's just the same as a plaintext password. |
| 00:55.36 | blitzrage | well that's what happens afaik |
| 00:55.54 | blitzrage | because once you make the hash, you can't get the password back out of it |
| 00:56.21 | jsmith | But if you transmit the md5 hash in plain text, it's just as good as a password. |
| 00:56.24 | jsmith | See what I'm saying? |
| 00:57.06 | blitzrage | yep, but that must be what it does though |
| 00:57.11 | jsmith | I don't think so. |
| 00:57.18 | blitzrage | well what else is it transmitting then? |
| 00:57.22 | jsmith | I think it uses a challenge/response system. |
| 00:58.11 | jsmith | Alice says "take your password, add the word 'tomorrow' to the end, and then generate the hash. Did you get a52fbc1a?" |
| 00:58.35 | blitzrage | you specify the hash in the sip.conf/iax.conf file with md5secret though |
| 00:59.07 | blitzrage | echo -n "<username>:<realm>:<secret>" | md5sum |
| 00:59.21 | jsmith | Then how do both sides "have access to the password"? |
| 00:59.39 | jsmith | Unless they meant both sides must have access to the md5 checksum. |
| 00:59.54 | blitzrage | I think so |
| 01:00.13 | jsmith | Ask Kram or Olle... heck, even drumkilla probably knows. |
| 01:00.22 | blitzrage | it's just so you don't have plaintext passwords in your sip.conf from what I can tell - but I'm not entirely sure what the advantages are |
| 01:02.11 | jsmith | There are none, if the md5 hash is passed in plain text, which I'm sure it must not be. |
| 03:18.35 | *** join/#asterisk-doc Esteli (~psolomon@69-165-217-96.atlsfl.adelphia.net) |
| 12:40.30 | *** join/#asterisk-doc MikeJ[Laptop] (~ircatjerr@mi.origenfinancial.com) |
| 13:31.07 | *** join/#asterisk-doc Goshen-zzzz (~Goshen@c-67-172-238-57.hsd1.ut.comcast.net) |
| 15:41.46 | *** join/#asterisk-doc maik (~maik@bfs.cs.uni-sb.de) |
| 23:49.33 | *** join/#asterisk-doc MikeJ[Laptop] (~ircatjerr@adsl-69-209-152-90.dsl.sfldmi.ameritech.net) |