[Serusers] Sip-Username and Sip-Password
Marian Dumitru
marian.dumitru at voice-sistem.ro
Mon Nov 8 20:10:33 CET 2004
Hi Ricardo,
in Digest Authentication (via mysql or radius) the password is never
sent out on network. The nounce is a challenge (random data) sent by
server. The client will do some MD5 over this nounce and the passwd
(and more info) and send the result back to server which will do the
similar computation. The result must match for a valid authentication.
Best regards,
Marian
Ricardo Martinez wrote:
> Hello List.
> I have a question regarding to the User and Password configured in a
> UA. In which part of all the authentication process the password is used by
> SER? If i have Radius for authenticate users, this password is "encrypted"
> in the nonce parameter? If so, what prevent for some attacker to
> "intercept" this packet and obtain this values?.
>
> Thanks in advance
>
> Ricardo Martinez
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
--
Voice Sistem
http://www.voice-sistem.ro
More information about the sr-users
mailing list