10-26-2009, 10:09 AM   #4
martin
 

Quote:
Originally Posted by sleek
In essence, this means, everyone, from our neighbor, our ISP and all the way to the SIP server, people can eavesdrop on our conversations with ease.
Not sure how your neighbor is eavesdropping unless you have an unsecured wireless connection. Theoretically, an ISP could eavesdrop on the RTP stream. However, it would seem highly unlikely.

Quote:
It also means people with weak passwords are subject to account hijacking, because the md5 hash also travels without any encryption.
If you read up on the SIP protocol you will see that SIP authentication uses a nonce to encrypt the password.

Even if a man-in-the-middle attacker were to capture the auth token, they would not be able to simply replay it, as the SIP server would require a new encrypted auth token matching a newly issued nonce.
__________________
Martin
