Aymeric,
Good to hear from you!
There’s been some discussion in the IETF which we haven’t resolved on how to handle this. I think you need to set up different domains or realms each with one auth algorithm. If you offer two at the same time - what’s the point? You are still wide open for downgrade attacks and haven’t accomplished much.
I guess we will have to wait until the IETF resolves this issue, which probably applies to more protocols.
The big question is how to upgrade a user base to stronger authentication algorithms in HTTP Digest auth without allowing downgrade attacks.
Cheers,
/O
On 16 Jun 2020, at 20:42, Henning Westerholt <hw(a)skalatan.de> wrote:
Hello,
Take a look at this parameter; you can switch between MD5 and SHA256, but only use one at a time:
https://www.kamailio.org/docs/modules/5.3.x/modules/auth.html#auth.p.algorithm
About planned features – I am not aware of major extensions in this module. Of course,
any contribution is welcome.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of Aymeric Moizard
Sent: Monday, June 15, 2020 10:31 PM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] MD5 and SHA-256 instead of MD5 or SHA-256...
Hi All,
I'd like to improve my setup by switching to SHA-256.
However, as a first step, I would like to offer both MD5 and SHA-256
in 2 different WWW-Authenticate headers.
If I'm correct, this is not doable with the latest auth module?
Is this a planned feature?
As an alternative, I would like to decide the algorithm in the script
instead of a module parameter. It looks to me like this is also not doable?
Again, is this a planned feature?
Thanks to all,
Regards
Aymeric
--
Antisip - http://www.antisip.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
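An added illustration of the downgrade concern raised in the thread (not code from Kamailio or from any poster): a Digest client that is offered MD5 and SHA-256 challenges picks the strongest one, and refuses to answer when the best remaining offer is weaker than a minimum it has pinned for that server. The per-server pin is an assumption of this example, not a mechanism from the thread or the IETF; the server name, pin table and header values are constructed.

```python
import hashlib
import re
HASHES = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}  # weakest first
RANK = {name: i for i, name in enumerate(HASHES)}

class DowngradeError(Exception):
    """Best offered algorithm is weaker than the minimum pinned for the server."""

def parse_challenge(value):
    """Parse one 'Digest k=v, k="v"' challenge value into a dict."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    ch = {k.lower(): (q or u) for k, q, u in pairs}
    ch["algorithm"] = ch.get("algorithm", "MD5").upper()  # absent means MD5
    return ch

def select_challenge(server, header_values, pinned_min):
    """Pick the strongest supported challenge; refuse one below the server's pin."""
    offers = [parse_challenge(v) for v in header_values]
    usable = [c for c in offers if c["algorithm"] in RANK]
    if not usable:
        raise ValueError("no supported algorithm offered")
    best = max(usable, key=lambda c: RANK[c["algorithm"]])
    floor = pinned_min.get(server, "MD5")  # unpinned servers accept anything
    if RANK[best["algorithm"]] < RANK[floor]:
        raise DowngradeError(f"{server}: best offer {best['algorithm']}, pinned {floor}")
    return best

def digest_response(ch, user, password, method, uri, nc="00000001", cnonce=""):
    """Digest response for the chosen challenge (qop=auth or no qop)."""
    h = lambda s: HASHES[ch["algorithm"]](s.encode()).hexdigest()
    ha1 = h(f"{user}:{ch['realm']}:{password}")
    ha2 = h(f"{method}:{uri}")
    if "auth" in ch.get("qop", "").split(","):
        return h(f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return h(f"{ha1}:{ch['nonce']}:{ha2}")

BOTH = ['Digest realm="sip.example.test", nonce="abc123", algorithm=SHA-256',
        'Digest realm="sip.example.test", nonce="abc123", algorithm=MD5']  # constructed
STRIPPED = BOTH[1:]  # same reply with the SHA-256 header removed in transit
PINS = {"sip.example.test": "SHA-256"}  # hypothetical client-side pin store

if __name__ == "__main__":
    for offer in (BOTH, STRIPPED):
        try:
            print(select_challenge("sip.example.test", offer, PINS)["algorithm"])
        except DowngradeError as exc:
            print("refused:", exc)
```

Without a pin, the stripped reply is indistinguishable from a server that only supports MD5, which is why offering both algorithms does not by itself prevent the downgrade.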