if kamailio doe snot use TLS all the mechanish in atuh module are send the pasword nude to the network?
Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com
Hi, auth module implement digest authentication (rfc2617) so passwords are not sent in clear from the client to kamailio.
Federico
On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz mckaygerhard@gmail.com wrote:
if kamailio doe snot use TLS all the mechanish in atuh module are send the pasword nude to the network?
Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
thanks for aswer Federico, another, if the communication beetween asterisk and kamailio are using public ip, that password are easyl hackaeable?
i read rfc2617 but does are not clear respect security and seems SIP is not an easy protocol to secure due relationship beetween both are trusted or something similar?
El mar., 5 de mar. de 2019 a la(s) 03:08, Federico Cabiddu ( federico.cabiddu@gmail.com) escribió:
Hi, auth module implement digest authentication (rfc2617) so passwords are not sent in clear from the client to kamailio.
Federico
On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz mckaygerhard@gmail.com wrote:
if kamailio doe snot use TLS all the mechanish in atuh module are send the pasword nude to the network?
Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
On Tue, Mar 5, 2019 at 1:12 PM PICCORO McKAY Lenz mckaygerhard@gmail.com wrote:
thanks for aswer Federico, another, if the communication beetween asterisk and kamailio are using public ip, that password are easyl hackaeable?
yes, they are hackable, exactly like HTTP passwords. Easily, that depends who the hackers are.
Actually, the method used for password exchange is exactly the same as in http (nonce + md5).
If you use long enough passwords, is probably almost ok, if you can cope with the breach that can happen (eg: limit the expenses toward your ITSP gateway, with a cap, or prepaid).
If you are thinking about privacy, then password are completely useless with "normal" SIP: both signaling (who you call) and media (the sound of the conversation) are in clear, and can be listened by anyone (no password needed).
For real security (and privacy, etc) go for TLS and SRTP (ZRTP being the uber good).
-giovanni
i read rfc2617 but does are not clear respect security and seems SIP is not an easy protocol to secure due relationship beetween both are trusted or something similar?
El mar., 5 de mar. de 2019 a la(s) 03:08, Federico Cabiddu ( federico.cabiddu@gmail.com) escribió:
Hi, auth module implement digest authentication (rfc2617) so passwords are not sent in clear from the client to kamailio.
Federico
On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz mckaygerhard@gmail.com wrote:
if kamailio doe snot use TLS all the mechanish in atuh module are send the pasword nude to the network?
Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
El mar., 5 de mar. de 2019 a la(s) 09:33, Giovanni Maruzzelli (........@ gmail.com) escribió:
On Tue, Mar 5, 2019 at 1:12 PM PICCORO McKAY Lenz mckaygerhard@gmail.com wrote:
thanks for aswer Federico, another, if the communication beetween asterisk and kamailio are using public ip, that password are easyl hackaeable?
yes, they are hackable, exactly like HTTP passwords. Easily, that depends who the hackers are.
umm like that so then sound and any other stream beetween two right?
For real security (and privacy, etc) go for TLS and SRTP (ZRTP being the uber good).
TLS implementation are knowed, but some documentations and ruting examples for SRTP case?
very very thanks Giovanni Maruzzelli
-giovanni
i read rfc2617 but does are not clear respect security and seems SIP is not an easy protocol to secure due relationship beetween both are trusted or something similar?
El mar., 5 de mar. de 2019 a la(s) 03:08, Federico Cabiddu ( federico.cabiddu@gmail.com) escribió:
Hi, auth module implement digest authentication (rfc2617) so passwords are not sent in clear from the client to kamailio.
Federico
On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz < mckaygerhard@gmail.com> wrote:
if kamailio doe snot use TLS all the mechanish in atuh module are send the pasword nude to the network?
Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Sincerely,
Giovanni Maruzzelli OpenTelecom.IT cell: +39 347 266 56 18
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-
Federico Cabiddu -
Giovanni Maruzzelli -
PICCORO McKAY Lenz