[Serusers] Password

Kapil Dhawan kdhawan at primus-direct.com
Tue Feb 10 04:02:51 CET 2004 

one thing i like to ask is is nonce field used as encrypted password...

Regards

Dhawan K

---------- Original Message -----------
From: Jiri Kuthan <jiri at iptel.org>
To: "kapil dhawan" <oswriter at hotmail.com>
Cc: serusers at lists.iptel.org
Sent: Tue, 10 Feb 2004 02:18:36 +0100
Subject: Re: [Serusers] Password

> At 02:11 AM 2/10/2004, kapil dhawan wrote:
> >thats absolutely fine i know md5 is used....i can also compare coming 
password in requested with my md5 converted password but i am stuck with how 
and where to read pasword information coming in a request
> 
> The authentication module does it for you. It takes the MD5-hashed value
> from request (example bellow) and compares it against expected value based 
> on credentials stored in subscriber table. The table may be located in 
mysql, 
> dbtext or whereever.
> 
> -jiri
> 
> example: 
> Authorization: DIGEST username="17479383213", realm="proxy01.foobar.com", 
algorithm=MD5, uri="sip:proxy01.foobar.com", 
nonce="4028321e2577ba09167c3c5702bc2105d560dbaa", 
response="6e71e5747df3198d24d00fb2a8733392"
> 
> >>From: Jiri Kuthan <jiri at iptel.org>
> >>To: "kapil dhawan" <oswriter at hotmail.com>, serusers at lists.iptel.org
> >>Subject: Re: [Serusers] Password
> >>Date: Mon, 09 Feb 2004 08:27:26 +0100
> >>
> >>At 05:04 AM 2/9/2004, kapil dhawan wrote:
> >>>Hi
> >>>How can i retrieve password coming in 'REGISTER' Request.
> >>
> >>There is fortunately no easy way to do it. SIP used MD5 digest
> >>function which would be quite hard to reverse for you.
> >>
> >>>problem is i don't want to do mysql authentication as i have less 
space...
> >>
> >>use dbtext module.
> >>
> >>-jiri
> >
> >_________________________________________________________________
> >Contact brides & grooms FREE! http://www.shaadi.com/ptnr.php?ptnr=hmltag 
Only on www.shaadi.com. Register now!
> 
> --
> Jiri Kuthan            http://iptel.org/~jiri/
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
------- End of Original Message -------


.







Disclaimer
--------------------------------------------------------------------------
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity 
to whom they are addressed. If you have received this email 
in error please notify the system manager. Recipients must 
check this email and any attachments for the presence of 
viruses before downloading them. Direct Internet / 
Primus India accepts no liability for any damage caused by
any virus transmitted by this email.

More information about the sr-users mailing list