[Users] dbtext, password encryption (MD5) and authentication - how it works? CHAP?

Daniel-Constantin Mierla daniel at voice-system.ro
Thu Mar 16 18:31:28 CET 2006


Hello,

SIP uses the WWW Digest authentication scheme. All attributes included in 
authentication headers are defined by RFC2617 as well as the 
authentication logic.
http://www.ietf.org/rfc/rfc2617.txt

Cheers,
Daniel


On 03/16/06 18:12, Istvan Hubay Cebrian wrote:
> Hi,
>
> Regarding my previous e-mails please disregard them since I have fixed the
> problem. It was simply a misconfiguration on my part, thanks to everyone
> that helped! I do however have another question regarding the same topic.
>
> Currently I am using 'dbtext' for authentication and MD5 hash strings for
> password encryption. Everything is working correctly however I don't
> understand how authentication is working.
>
> The subscribers file contains two MD5 hash strings, HA1 (username only) and
> HA1B (username and realm) and the password is not being stored as text. When
> I consult the SIP messages from my UA I notice the username and realm are
> being sent:
>
> Authorization: Digest username="qaz",realm="my.domain.com",nonce="387925b86f0cb610949dcea9079a30421020169f",response="d0f5e24cb8c022667aff65889b883155",uri="sip:my.domain.com"
>
> However the password isn't being sent. So how does authentication work? What
> is 'nonce' (above) and 'response'? 
>
> Is authentication based on CHAP? Thus:
> - UA sends username and realm (identifying user)
> - UA receives random unique challenge (response???)
> - UA sends challenge and password hash string
> - Authorization successful or not.
>
> If CHAP is what is being used, I still can't figure out how the password is
> being extracted since MD5 hash strings can't be reverted. And the password
> is being sent together with the challenge thus there's nothing to compare
> with.
>
> I simply can't get my head around this.
>
> Any help will be much appreciated.
>
> Thanks,
> Istvan
>
>   



