[Freeswitch-users] symbian s60 SIP over TLS

Michael Giagnocavo mgg at giagnocavo.net
Sun Sep 14 13:52:53 EDT 2008


>Anything is possible but the way the authentication data is hashed
>together it wouldn't be possible for someone to gain access to your
>authentication data derived from the auth headers in the sip packets.
>If it were so simple then everyone would be able to crack their Vonage
>accounts.

I know you know this, but I thought it'd mention it anyways. The security of digest is related to the security of your password in the first place. You CAN mount a brute force attack on the digest packets. So if you're picking simple passwords, don't rely on digest to prevent things.

Although, it's probably much more profitable for an attacker to attack the VoIP provider directly. Depending on their platform, this could be a lot easier than brute forcing even a simple password :).

-Michael





More information about the Freeswitch-users mailing list