Do you know of any mainstream SIP UACs which support anything other than standard MD5 digest auth?
On November 10, 2017 7:11:26 PM EST, "Walter Martín Villalba" wvillalba@gmail.com wrote:
Hello,
I did some searches online and talked to some colleagues and it seems Kamailio only supports the traditional HTTP digest authentication, which uses MD5. I would like to know if any of you has been successful in using bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been deemed as obsolete and insecure a long time ago. Perhaps you've written your own auth module, or just modified the config script to call some other credential checking routine using a custom python/perl script (I'm thinking of doing the latter, of nothing better is available).
If any of you have done something like this, using bcrypt or any other current and secure hashing algorithm, I would appreciate some guidance. If you haven't, aren't you concerned about storing MD5 password hashes in your database?
Note: if I can't find a good answer using this list, I will try the developer's list next.
Thanks in advance,
Martín.
-- Alex
-- Sent via mobile, please forgive typos and brevity.