Displaying 1 result from an estimated 1 matches for "md5secretb".
Did you mean:
md5secret
2013 Jun 06
0
md5secret, secret and ha1b hash calculation?
...he following:
- if secret is configured, and an auth header comes in with
auth_user="user at realm", does Asterisk internally make the H(A1b)
calculation instead of H(A1) from the secret it has for the user?
- if yes, does that mean it would be relatively easy to add an extra
parameter, md5secretb for example, that mimics ha1b and allows cleartext
secrets to be abolished?
- what has been observed in practice? Are there any devices actively
behaving like this or is it purely a legacy thing?
In repro, we decided to store both versions of every hash when a user is
added/updated, but only ha1...