[Freeswitch-users] symbian s60 SIP over TLS
Michael Jerris
mike at jerris.com
Sun Sep 14 15:49:07 EDT 2008
On Sep 14, 2008, at 1:52 PM, Michael Giagnocavo wrote:
>> Anything is possible but the way the authentication data is hashed
>> together it wouldn't be possible for someone to gain access to your
>> authentication data derived from the auth headers in the sip packets.
>> If it were so simple then everyone would be able to crack their Vonage
>> accounts.
>
> I know you know this, but I thought I'd mention it anyways. The
> security of digest is related to the security of your password in
> the first place. You CAN mount a brute force attack on the digest
> packets. So if you're picking simple passwords, don't rely on digest
> to prevent things.
>
> Although, it's probably much more profitable for an attacker to
> attack the VoIP provider directly. Depending on their platform, this
> could be a lot easier than brute forcing even a simple password :).
The digest is of more than just the password; there are other elements
to the hash, including the nonce. While in the "old days" these were
pretty hard to brute force, with the current availability of rainbow
tables it shouldn't be that hard to reverse even non-trivial passwords.
Mike
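The digest computation discussed in this thread, as an added example that is not part of the original messages or of FreeSWITCH's code: it builds the RFC 2617 response (the form without qop) from the password, realm and nonce, verifies it the way a registrar would, and audits stored HA1 values against a denylist of weak passwords. The realm, extensions, passwords, denylist and function names are constructed for illustration.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    """HA1 = MD5(username:realm:password); the only term that depends on the password."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def verify(auth, method, stored_ha1):
    """Registrar-side check of parsed Authorization fields against the stored HA1."""
    expected = digest_response(stored_ha1, auth["nonce"], method, auth["uri"])
    return hmac.compare_digest(expected, auth["response"])

def audit_weak_password(username, realm, stored_ha1, denylist):
    """Return the denylisted password that reproduces stored_ha1, or None."""
    for candidate in denylist:
        if hmac.compare_digest(ha1(username, realm, candidate), stored_ha1):
            return candidate
    return None

# Constructed sample data (assumptions, not taken from the thread).
REALM = "sip.example.test"
URI = "sip:sip.example.test"
DENYLIST = ["1234", "password", "1001", "changeme"]
ACCOUNTS = {
    "1001": ha1("1001", REALM, "1234"),              # weak: on the denylist
    "1002": ha1("1002", REALM, "t7#Vq2p!Lm9xWz4c"),  # not on the denylist
}

def run_audit():
    """Map each provisioned extension to its weak password, or None if none matched."""
    return {user: audit_weak_password(user, REALM, stored, DENYLIST)
            for user, stored in ACCOUNTS.items()}

if __name__ == "__main__":
    for user, weak in run_audit().items():
        print(user, "WEAK password on denylist" if weak else "ok")
```
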