Encrypted endpoint secrets

Is it possible to save endpoint secrets in a way that is different from just plain text? Both chan and pjsip ones?

Unless you are going to key in the unlock key every time that you load the configuration (including at system start-up), if you have access to those secrets you also have access to the key used to encrypt them, albeit with maybe slightly more work.

Thanks for your reply, that’s logical. But does Asterisk support a secret’s hash in its endpoint/extension configs?

If you are thinking of the NTLM type situation, the hash is as good as the secret. The only possible difference is that the direct secret may be easy to remember, but there is no good reason for doing that with SP.

I’m not sure that SIP authentication does a double hash, in any case.

I’m a little confused, because this article describes the option I meant.

And you believe that a hash is not safer than plaintext to store?

It looks like it does use double hashes.

If you know the md5secret, you can use it to request authentication without knowing the real secret. As I said above, the only time it gives you an advantage is if the real secret is easy to take in at a glance, but if you are that worried, you would be using a random string as your secret in the first place, given that it doesn’t have to be entered by humans.
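The point made in the replies above, worked through as an added example that is not part of the original thread: in SIP digest authentication (RFC 2617, shown here without `qop`), the stored `md5secret` is the HA1 value `MD5(username:realm:password)`, and the response is computed from HA1 alone, so the stored hash has to be protected exactly like the password. The username, realm, password, URI and nonce below are constructed sample values.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1_from_password(username: str, realm: str, password: str) -> str:
    """HA1 per RFC 2617; this is what an md5secret-style setting stores."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """Digest response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_accepts(stored_ha1: str, method: str, uri: str,
                   nonce: str, response: str) -> bool:
    """Server-side check: only the stored HA1 is needed, never the password."""
    expected = digest_response(stored_ha1, method, uri, nonce)
    return hmac.compare_digest(expected, response)


# Constructed sample values (assumptions, not taken from the thread).
USER, REALM, PASSWORD = "6001", "asterisk", "k3Vq9-constructed-secret"
METHOD, URI, NONCE = "REGISTER", "sip:pbx.example.test", "5f2a9c1e0b7d"

STORED_HA1 = ha1_from_password(USER, REALM, PASSWORD)  # value kept in the config


def response_with_password() -> str:
    """A client that knows the cleartext password."""
    return digest_response(ha1_from_password(USER, REALM, PASSWORD),
                           METHOD, URI, NONCE)


def response_with_stored_hash_only() -> str:
    """A party that only read the stored hash from the config file."""
    return digest_response(STORED_HA1, METHOD, URI, NONCE)


if __name__ == "__main__":
    same = response_with_password() == response_with_stored_hash_only()
    print("responses identical:", same)
```

What the hash does buy is that the cleartext password is not disclosed, which matters only if that password is reused elsewhere or is human-memorable; restricting read access to the configuration files and using long random secrets remain the relevant controls.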