Eric Chamberlain
2008-Aug-20 17:00 UTC
[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
We are exploring using Asterisk for a project and we are looking for a way to encrypt/decrypt the peer passwords stored in the realtime database (postgres).

Ideally, we want to use a public key to encrypt the passwords before they go into the database and have Asterisk use a private key to decrypt the password as part of the call out process.

Has anyone developed something like this?

--
Eric Chamberlain
Founder
RF.com
http://RF.com/
Tzafrir Cohen
2008-Aug-20 17:19 UTC
[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
On Wed, Aug 20, 2008 at 10:00:55AM -0700, Eric Chamberlain wrote:
> We are exploring using Asterisk for a project and we are looking for a
> way to encrypt/decrypt the peer passwords stored in the realtime
> database (postgres).
>
> Ideally, we want to use a public key to encrypt the passwords before
> they go into the database and have Asterisk use a private key to
> decrypt the password as part of the call out process.
>
> Has anyone developed something like this?

What is the point in that? What threats does it help you to mitigate?

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
Nicholas Blasgen
2008-Aug-20 19:48 UTC
[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
I've never used it, but check out the md5 one-way encryption of passwords:

http://www.voip-info.org/wiki/index.php?page=Asterisk+sip+md5secret

http://books.google.com/books?id=vAT8Mfvp8GsC&pg=PA225&lpg=PA225&dq=asterisk+md5+secret&source=web&ots=1mUADiyRkP&sig=FJSBgcWMY3K0zoilVvgNvibJE4A&hl=en&sa=X&oi=book_result&resnum=6&ct=result

On Wed, Aug 20, 2008 at 10:00 AM, Eric Chamberlain <eric at rf.com> wrote:
> We are exploring using Asterisk for a project and we are looking for a
> way to encrypt/decrypt the peer passwords stored in the realtime
> database (postgres).
>
> Ideally, we want to use a public key to encrypt the passwords before
> they go into the database and have Asterisk use a private key to
> decrypt the password as part of the call out process.
>
> Has anyone developed something like this?
>
> --
> Eric Chamberlain
> Founder
> RF.com
> http://RF.com/

--
Nicholas Blasgen
nicholas at blasgen.com
408.497.9796 (c)
Tim Panton
2008-Aug-21 09:39 UTC
[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
On 20 Aug 2008, at 18:00, Eric Chamberlain wrote:
> We are exploring using Asterisk for a project and we are looking for a
> way to encrypt/decrypt the peer passwords stored in the realtime
> database (postgres).
>
> Ideally, we want to use a public key to encrypt the passwords before
> they go into the database and have Asterisk use a private key to
> decrypt the password as part of the call out process.
>
> Has anyone developed something like this?

I haven't done this in Asterisk, but we did do a selective encryption layer for a database on a non-VoIP project.

First - understand what you are protecting against: We wanted to be sure that if the backup/server/tapes/disk were stolen then the personal data in the database would not be accessible without the private key.

The way this worked was a bit Oracle specific, but the same concepts are available in Postgres. Basically you have a base table containing the encrypted fields, this is what is stored on the disk. You then layer on a view (with appropriate triggers/stored procedures) and the application (Asterisk realtime in your case) uses this view. The view takes the encrypted fields from the base table and decrypts them before returning the data to the application.

The trick is that the key is stored in the user's login session (i.e. in memory) and is initialized at startup (either by typing or from somewhere that isn't the disk - think of a flash drive superglued to the wall :-)

With Asterisk I'd be tempted to have it call me and I have to DTMF the key in!
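
The base-table-plus-view layering described in the reply above, written for PostgreSQL as an added example that is not part of the original thread or of Asterisk. It assumes the pgcrypto extension and PostgreSQL 11 or later; the table, view and setting names (`sip_peers_enc`, `sip_peers`, `peer_pubkey`, `peerkeys.private`) are hypothetical and the key material is shown as placeholders.

```sql
-- Added example. Assumes pgcrypto; all object names are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Base table: this is what lands on disk and in backups.
CREATE TABLE sip_peers_enc (
    name       text  PRIMARY KEY,
    secret_enc bytea NOT NULL          -- OpenPGP message, never plaintext
);

-- Public half of the key pair; it is not secret, so it may sit beside the data.
-- The boolean key with CHECK keeps the table to a single row.
CREATE TABLE peer_pubkey (
    id      boolean PRIMARY KEY DEFAULT true CHECK (id),
    armored text NOT NULL
);
-- INSERT INTO peer_pubkey (armored) VALUES ('<ASCII-armored public key>');

-- The view the application reads. The private key comes from a session
-- setting, which lives only in the memory of that database connection.
CREATE VIEW sip_peers AS
SELECT name,
       pgp_pub_decrypt(secret_enc,
                       dearmor(current_setting('peerkeys.private'))) AS secret
FROM sip_peers_enc;

-- Inserts through the view are encrypted with the public key, so the
-- provisioning side never needs the private key.
CREATE FUNCTION sip_peers_insert() RETURNS trigger AS $$
BEGIN
    -- If no public key is loaded the subquery yields NULL and the NOT NULL
    -- constraint rejects the row instead of storing an unprotected value.
    INSERT INTO sip_peers_enc (name, secret_enc)
    VALUES (NEW.name,
            pgp_pub_encrypt(NEW.secret,
                            dearmor((SELECT armored FROM peer_pubkey))));
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER sip_peers_insert_trg
INSTEAD OF INSERT ON sip_peers
FOR EACH ROW EXECUTE FUNCTION sip_peers_insert();

-- Per connection, at startup, with the key supplied by an operator:
-- SET peerkeys.private = '<ASCII-armored private key>';
```

`current_setting()` raises an error while `peerkeys.private` is unset, so reads of the view fail instead of returning ciphertext. The `SET` has to be issued on the same connection the application reads through, with statement logging off for it so the key is not written to the server log.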