Theme

Search similar:

Forums → VOIP etc → VOIP →

VOIP Tech Chat → SIP username/password credentials and encryption

uniqs
10424

« What does it cost google to run google voice? • Voip.ms: static jitter during incoming calls. »

pcunite join:2010-04-10	pcunite Member 2010-Apr-14 3:30 pm SIP username/password credentials and encryption While I don't expect the voice packets themselves to be encrypted are the SIP username/password secret encrypted?
	· actions · 2010-Apr-14 3:30 pm ·
Trev AcroVoice & DryVoIP Official Rep Premium Member join:2009-06-29 Victoria, BC	Trev Premium Member 2010-Apr-14 3:54 pm With your usual SIP provider, your username will be transmitted in the clear but your password is never sent along the wire. Instead, it's used to generate a response to a challenge sent by the server.
	· actions · 2010-Apr-14 3:54 pm ·
MartinM VoIP.ms Premium Member join:2008-07-21 1 edit	MartinM to pcunite Premium Member 2010-Apr-14 6:08 pm to pcunite Your device will not send the password in its clear text form, will be clear text but hashed, as mentionned in the previous reply. For example, With VoIP, when you register: 1. Linksys Registration request to VoIP.ms 2. VoIP.ms -> Send us that back with MD5 password please 3. Linksys Sends back registration including password in MD5 Checksum (For example, "hello" in md5 is 5d41402abc4b2a76b9719d911017c592) 4. VoIP.ms server will compare md5 local password to your md5 hash Actual SIP Dialog Example of a registration: Example with Zoiper Softphone: 192.168.0.1 = Your IP Address SERVER_IP_ADDRESS = IP Address of server Client to server: Softphone send the registration attempt REGISTER sip:SERVER_IP_ADDRESS;transport=UDP SIP/2.0 Via: SIP/2.0/UDP 192.168.0.1:59733;branch=z9hG4bK-d8754z-e4223b781332f14e-1---d8754z- Max-Forwards: 70 Contact: <sip:MY_USERNAME@192.168.0.1:59733;rinstance=d80a6e5927037b98;transport=UDP> To: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP> From: "Matin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP>;tag=3017ec58 Call-ID: YWZlMDQ5NGY1ZDRkODUzYjIwM2VjN2IxYzRkNTUwZjg. CSeq: 1 REGISTER Expires: 3600 Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE User-Agent: Zoiper rev.6751 Allow-Events: presence Content-Length: 0 Server to Client: Server replies it's trying SIP/2.0 100 Trying Via: SIP/2.0/UDP 192.168.0.1:59733;branch=z9hG4bK-d8754z-e4223b781332f14e-1---d8754z-;received=192.168.0.1 From: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP>;tag=3017ec58 To: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP> Call-ID: YWZlMDQ5NGY1ZDRkODUzYjIwM2VjN2IxYzRkNTUwZjg. CSeq: 1 REGISTER User-Agent: VoIPMS/SERAST Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces Contact: <sip:MY_USERNAME@SERVER_IP_ADDRESS> Content-Length: 0 Server to Client: Server replies, Unauthorized, it wants its password challenge SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 192.168.0.1:59733;branch=z9hG4bK-d8754z-e4223b781332f14e-1---d8754z-;received=192.168.0.1 From: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP>;tag=3017ec58 To: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP>;tag=as68355ca6 Call-ID: YWZlMDQ5NGY1ZDRkODUzYjIwM2VjN2IxYzRkNTUwZjg. CSeq: 1 REGISTER User-Agent: VoIPMS/SERAST Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces WWW-Authenticate: Digest algorithm=MD5, realm="sip.ca2.voip.ms", nonce="5e954418" Content-Length: 0 Client to server: Softphone resend registration, this time with password in md5 located in the "response=" field REGISTER sip:SERVER_IP_ADDRESS;transport=UDP SIP/2.0 Via: SIP/2.0/UDP 192.168.0.1:59733;branch=z9hG4bK-d8754z-30e2cd9136938a0f-1---d8754z- Max-Forwards: 70 Contact: <sip:MY_USERNAME@192.168.0.1:59733;rinstance=d80a6e5927037b98;transport=UDP> To: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP> From: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP>;tag=3017ec58 Call-ID: YWZlMDQ5NGY1ZDRkODUzYjIwM2VjN2IxYzRkNTUwZjg. CSeq: 2 REGISTER Expires: 3600 Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE User-Agent: Zoiper rev.6751 Authorization: Digest username="MY_USERNAME",realm="sip.ca2.voip.ms",nonce="5e954418",uri="sip:SERVER_IP_ADDRESS;transport=UDP",response="d7fb6af2a3b75e1f91b8f65ef8ea8156",algorithm=MD5 Allow-Events: presence Content-Length: 0 Server to client: We're trying SIP/2.0 100 Trying Via: SIP/2.0/UDP 192.168.0.1:59733;branch=z9hG4bK-d8754z-30e2cd9136938a0f-1---d8754z-;received=192.168.0.1 From: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP>;tag=3017ec58 To: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP> Call-ID: YWZlMDQ5NGY1ZDRkODUzYjIwM2VjN2IxYzRkNTUwZjg. CSeq: 2 REGISTER User-Agent: VoIPMS/SERAST Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces Contact: <sip:MY_USERNAME@SERVER_IP_ADDRESS> Content-Length: 0 Server to client: Server is happy with that, sending the softphone the OK SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.0.1:59733;branch=z9hG4bK-d8754z-30e2cd9136938a0f-1---d8754z-;received=192.168.0.1 From: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP>;tag=3017ec58 To: "Martin M"<sip:MY_USERNAME@SERVER_IP_ADDRESS;transport=UDP>;tag=as68355ca6 Call-ID: YWZlMDQ5NGY1ZDRkODUzYjIwM2VjN2IxYzRkNTUwZjg. CSeq: 2 REGISTER User-Agent: VoIPMS/SERAST Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces Expires: 3600 Contact: <sip:MY_USERNAME@192.168.0.1:59733;rinstance=d80a6e5927037b98;transport=UDP>;expires=3600 Date: Wed, 14 Apr 2010 22:04:34 GMT Content-Length: 0
	· actions · 2010-Apr-14 6:08 pm ·
pcunite join:2010-04-10	pcunite Member 2010-Apr-14 6:21 pm MartinM, Thanks!
	· actions · 2010-Apr-14 6:21 pm ·
paul248 join:2001-09-04	paul248 Member 2010-Apr-16 12:52 am Your password is hashed along with a random "nonce" value that the server sends. If it weren't for that nonce value, then the hash would always be the same, and anyone could log in just by replaying your message. That said, if someone captures your packets, they can use the nonce and hash to perform an offline dictionary attack, so the system is only secure if you use a strong password. »en.wikipedia.org/wiki/Di ··· tication
	· actions · 2010-Apr-16 12:52 am ·

Forums → VOIP etc → VOIP → VOIP Tech Chat	« What does it cost google to run google voice? • Voip.ms: static jitter during incoming calls. »