asterisk jobs
2011-Dec-02 23:24 UTC
[asterisk-users] How can I decipher password in SIP Packet?
I am receiving requests to register to my Asterisk extensions. I have the full SIP packets. I also do see what extension is being tried to be registered. Is there ANY WAY to know what password is being attempted?

I think the appropriate term would be decode the base64 response I get from the client. Here is what I get in the SIP packet from the client:

Authorization: Digest username="4456678", realm="asterisk", nonce="67461340", uri="sip:mailbox", response="5a9a5f2b527ca9687c8f75705e6a2d25", algorithm=MD5

Using a base64 decoder I get this: ??Z????n?k???? ????????? from the "response" above. Of course, that is not the plain password. So, is that encrypted? How can I decrypt it?

Thanks,

On Mon, Nov 28, 2011 at 12:48 AM, asterisk jobs <asteriskcoding at gmail.com> wrote:
> Hello,
>
> I am receiving requests to register to my Asterisk extensions. I have the
> full SIP packets. I also do see what extension is being tried to be
> registered. Is there ANY WAY to know what password is being attempted?
>
> Thanks,
> Peter

Kevin P. Fleming
2011-Dec-02 23:34 UTC
[asterisk-users] How can I decipher password in SIP Packet?
On 12/02/2011 05:24 PM, asterisk jobs wrote:
> I am receiving requests to register to my Asterisk extensions. I have
> the full SIP packets. I also do see what extension is being tried to be
> registered. Is there ANY WAY to know what password is being attempted?
>
> I think the appropriate term would be decode the base64 response I get
> from the client. Here is what I get in the SIP packet from the client:
>
> Authorization: Digest username="4456678", realm="asterisk",
> nonce="67461340", uri="sip:mailbox",
> response="5a9a5f2b527ca9687c8f75705e6a2d25", algorithm=MD5
>
> Using a base64 decoder I get this: ??Z????n?k???? ????????? from the
> "response" above. Of course, that is not the plain password. So, is that
> encrypted? How can I decrypt it?

As the Authorization header clearly states, this value is created using an MD5 Digest (hash). Since it is a digest function, it is not reversible. It is impossible to recover the password that was used during the calculation of the response value (although given enough time and CPU resources, it is possible to go through a massive list of possibilities and try each one until you find one that matches).

--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

asterisk jobs
2011-Dec-03 00:13 UTC
[asterisk-users] How can I decipher password in SIP Packet?
> As the Authorization header clearly states, this value is created using an
> MD5 Digest (hash). Since it is a digest function, it is not reversible. It
> is impossible to recover the password that was used during the calculation
> of the response value (although given enough time and CPU resources, it is
> possible to go through a massive list of possibilities and try each one until
> you find one that matches).

Thanks. Based on above, I am getting that Asterisk also runs MD5 algorithm on the password and then matches the two hash digests to see if they are good or not. Is that all that happens? Or is there an encryption involved as well? Chance of collision of 1^128?

Regards,
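
The server-side check asked about in this thread, as an added example that is not part of the original posts and is not Asterisk's own code: a registrar recomputes the digest from the secret it has configured and compares it with the `response` field, following RFC 2617 for a header with no `qop` parameter (as in the header quoted above). The REGISTER method is taken from the thread's description; the secret and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import re

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header: str) -> dict:
    """Split an 'Authorization: Digest ...' header into its fields."""
    params = header.split("Digest", 1)[1]
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key: quoted or bare for key, quoted, bare in pairs}

def expected_response(username, realm, secret, method, uri, nonce) -> str:
    """RFC 2617 response value when the header carries no qop parameter."""
    ha1 = md5_hex(f"{username}:{realm}:{secret}")   # identity and secret
    ha2 = md5_hex(f"{method}:{uri}")                # what is being requested
    return md5_hex(f"{ha1}:{nonce}:{ha2}")          # bound to the server's nonce

def verify(header: str, method: str, secret: str) -> bool:
    """Recompute the digest from the configured secret; nothing is decrypted."""
    f = parse_digest(header)
    want = expected_response(f["username"], f["realm"], secret,
                             method, f["uri"], f["nonce"])
    return hmac.compare_digest(want, f["response"].lower())

# Header quoted in the thread.
CAPTURED = ('Authorization: Digest username="4456678", realm="asterisk", '
            'nonce="67461340", uri="sip:mailbox", '
            'response="5a9a5f2b527ca9687c8f75705e6a2d25", algorithm=MD5')

# Constructed value standing in for the secret configured for the extension.
CONFIGURED_SECRET = "constructed-example-secret"

def demo():
    f = parse_digest(CAPTURED)
    # The response is 32 hex digits (a 16-byte MD5 output), not base64.
    raw = bytes.fromhex(f["response"])
    # Constructed header: what a client holding the configured secret would send.
    good = expected_response(f["username"], f["realm"], CONFIGURED_SECRET,
                             "REGISTER", f["uri"], f["nonce"])
    genuine = CAPTURED.replace(f["response"], good)
    return (len(raw),
            verify(genuine, "REGISTER", CONFIGURED_SECRET),
            verify(genuine, "REGISTER", "some-other-secret"))

if __name__ == "__main__":
    print(demo())
```
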