[SR-Users] using bcrypt passwd hashing

Daniel-Constantin Mierla miconda at gmail.com
Sat Nov 11 11:15:38 CET 2017


Hello,

Latest Kamailio versions also support the SHA256 algorithm:

  - https://www.kamailio.org/docs/modules/stable/modules/auth.html#idp36720604

However, the main blocker in using a different hashing algorithm is the
SIP client devices (mainly hardphones), which implement only MD5. If you
implement your own client app, then you can extend Kamailio to support
whatever hashing you do in the client.

Then, of course, you can use client-side TLS certificates for
authentication, which should be better than any hashing algorithm.

Cheers,
Daniel


On 11.11.17 01:11, Walter Martín Villalba wrote:
> Hello,
>
> I did some searches online and talked to some colleagues and it seems
> Kamailio only supports the traditional HTTP digest authentication,
> which uses MD5. I would like to know if any of you has been successful
> in using bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which
> has been deemed as obsolete and insecure a long time ago. Perhaps
> you've written your own auth module, or just modified the config
> script to call some other credential checking routine using a custom
> python/perl script (I'm thinking of doing the latter, if nothing
> better is available).
>
> If any of you have done something like this, using bcrypt or any other
> current and secure hashing algorithm, I would appreciate some
> guidance.  If you haven't, aren't you concerned about storing MD5
> password hashes in your database?
>
> Note: if I can't find a good answer using this list, I will try the
> developer's list next.
>
> Thanks in advance,
>
> Martín.

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
Kamailio World Conference - www.kamailioworld.com
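
The constraint discussed in this thread, as an added example that is not part of the original messages or of Kamailio's code: in digest authentication the server recomputes the client's response from HA1 = H(user:realm:password), so it must hold HA1 for the same hash the client device used, and a salted bcrypt/scrypt hash cannot take its place. The credentials and nonce are the RFC 2617 sample values; the function names are hypothetical.

```python
import hashlib
import hmac

def _h(alg, text):
    return hashlib.new(alg, text.encode()).hexdigest()

def ha1(alg, user, realm, password):
    # What the server has to keep per user: H(user:realm:password).
    # bcrypt(password) cannot be substituted, the formula needs this exact value.
    return _h(alg, f"{user}:{realm}:{password}")

def digest_response(alg, ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # qop=auth response; identical structure for MD5 and SHA-256.
    ha2 = _h(alg, f"{method}:{uri}")
    return _h(alg, f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(alg, stored_ha1, creds):
    # Server side: recompute from the stored HA1, compare in constant time.
    expected = digest_response(alg, stored_ha1, creds["method"], creds["uri"],
                               creds["nonce"], creds["nc"], creds["cnonce"])
    return hmac.compare_digest(expected, creds["response"])

# Sample values from RFC 2617 section 3.5 (not from the thread).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
CHALLENGE = {"method": "GET", "uri": "/dir/index.html",
             "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
             "nc": "00000001", "cnonce": "0a4f113b"}

def client_answer(alg, password):
    # Client side: the device hashes with whatever algorithm it implements.
    creds = dict(CHALLENGE)
    creds["response"] = digest_response(
        alg, ha1(alg, USER, REALM, password), creds["method"], creds["uri"],
        creds["nonce"], creds["nc"], creds["cnonce"])
    return creds

def demo():
    out = {}
    for alg in ("md5", "sha256"):
        stored = ha1(alg, USER, REALM, PASSWORD)
        out[alg + "_good"] = server_verify(alg, stored, client_answer(alg, PASSWORD))
        out[alg + "_bad"] = server_verify(alg, stored, client_answer(alg, "wrong"))
    # MD5-only phone against a server that kept only the SHA-256 HA1.
    out["md5_phone_sha256_store"] = server_verify(
        "sha256", ha1("sha256", USER, REALM, PASSWORD), client_answer("md5", PASSWORD))
    return out

if __name__ == "__main__":
    print(demo())
```
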
