<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hello,</p>
    <p>latest kamailio versions support also SHA256 algorithm:</p>
    <p>  -
<a class="moz-txt-link-freetext" href="https://www.kamailio.org/docs/modules/stable/modules/auth.html#idp36720604">https://www.kamailio.org/docs/modules/stable/modules/auth.html#idp36720604</a></p>
    <p>However, the main blocker in suing a different hashing algorithm
      are the sip client devices (mainly hardphones), which implement
      only MD5. If you implement your own client app, then you can
      extend kamailio to support whatever hashing you do in the client.</p>
    <p>Then, of course you can use client side tls certificates for
      authentication, which should be better than any hashing algorithm.<br>
    </p>
    <p>Cheers,<br>
      Daniel<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11.11.17 01:11, Walter Martín
      Villalba wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CA+V_MsJJKyWYzV1Nei6u+iB=2fWmOU2vHVU8sK5t111wKmVXXw@mail.gmail.com">
      <div dir="ltr">Hello,
        <div><br>
        </div>
        <div>I did some searches online and talked to some colleagues
          and it seems Kamailio only supports the traditional HTTP
          digest authentication, which uses MD5. I would like to know if
          any of you has been successful in using
          bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has
          been deemed as obsolete and insecure a long time ago. Perhaps
          you've written your own auth module, or just modified the
          config script to call some other credential checking routine
          using a custom python/perl script (I'm thinking of doing the
          latter, of nothing better is available).</div>
        <div><br>
        </div>
        <div>If any of you have done something like this, using bcrypt
          or any other current and secure hashing algorithm, I would
          appreciate some guidance.  If you haven't, aren't you
          concerned about storing MD5 password hashes in your database?</div>
        <div><br>
        </div>
        <div>Note: if I can't find a good answer using this list, I will
          try the developer's list next.</div>
        <div><br>
        </div>
        <div>Thanks in advance,</div>
        <div><br>
        </div>
        <div>Martín.</div>
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Daniel-Constantin Mierla
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
Kamailio World Conference - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>
  </body>
</html>