[OpenSIPS-Users] SIP password auth mechanism

Abdul Basit basit.engg at gmail.com
Thu Mar 9 05:37:22 EST 2017 

Hi Geeks,

While exploring further I found a draft explaining elliptic curve secure
remote protocol (*EC-SRP*) for SIP authentication
https://tools.ietf.org/html/draft-liu-sipcore-ec-srp5-03

This explanation seems align with my requirements of not storing password
in database.
UAC and UAS both should support EC-SRP.

Do we have any road-map of opensips implementing of EC-RSP or similar
authentication mechanism?
I will check the same with PJSIP because i couldn't find any traces on
their forum as well.

--
regards,

abdul basit


On Wed, Mar 8, 2017 at 9:53 PM, Abdul Basit <basit.engg at gmail.com> wrote:

> Hi Bogdan,
>
> I am using PJSIP as UAC and Opensips as UAS with radius for AAA.
> I wanted to avoid getting into the code but let me check the flexibility.
>
> Thank you for your reply :)
>
> --
> regards,
>
> abdul basit
>
> On Wed, Mar 8, 2017 at 1:34 AM, Bogdan-Andrei Iancu <bogdan at opensips.org>
> wrote:
>
>> Hi Abdul,
>>
>> Besides the digest auth, there is no other standard auth mechanism for
>> SIP, AFAIK.
>>
>> If you have control over the SIP UAC, of course, you could try to build
>> your own auth mechanism - OpenSIPS offers enough flexibility in terms of
>> both header manipulation and data computing.
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>   OpenSIPS Founder and Developer
>>   http://www.opensips-solutions.com
>>
>> OpenSIPS Summit May 2017 Amsterdam
>>   http://www.opensips.org/events/Summit-2017Amsterdam.html
>>
>> On 03/07/2017 10:26 AM, Abdul Basit wrote:
>>
>> Hi,
>>
>> I have a scenario where I will create password HASH = SALT + STRING and
>> save SALT and resulted HASH only in DB.
>>
>> I will transport random STRING value to my custom sip application as
>> password.
>>
>> Digest authentication is not comply with this requirement.
>>
>> Is that any supported authentication mechanism that can fulfill this
>> requirement.
>> or is there any more appropriate authentication mechanism by
>> opensips/kamailio?
>>
>> One of the objectives is in case DB will compromise, users passwords will
>> not available because random STRING will not store in DB.
>>
>> Looking forward for suggestions and comments.
>>
>> --
>> regards,
>>
>> abdul basit
>>
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170309/da55dc71/attachment.html>

More information about the Users mailing list