[SR-Users] using bcrypt passwd hashing
Alex Balashov
abalashov at evaristesys.com
Sat Nov 11 16:49:18 CET 2017
Do you know of any mainstream SIP UACs which support anything other than standard MD5 digest auth?
On November 10, 2017 7:11:26 PM EST, "Walter Martín Villalba" <wvillalba at gmail.com> wrote:
>Hello,
>
>I did some searches online and talked to some colleagues and it seems
>Kamailio only supports the traditional HTTP digest authentication,
>which
>uses MD5. I would like to know if any of you has been successful in
>using
>bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been
>deemed
>as obsolete and insecure a long time ago. Perhaps you've written your
>own
>auth module, or just modified the config script to call some other
>credential checking routine using a custom python/perl script (I'm
>thinking
>of doing the latter, of nothing better is available).
>
>If any of you have done something like this, using bcrypt or any other
>current and secure hashing algorithm, I would appreciate some guidance.
> If
>you haven't, aren't you concerned about storing MD5 password hashes in
>your
>database?
>
>Note: if I can't find a good answer using this list, I will try the
>developer's list next.
>
>Thanks in advance,
>
>Martín.
-- Alex
--
Sent via mobile, please forgive typos and brevity.
More information about the sr-users
mailing list