SIP uses the same authentication mechanism as HTTP digest. The response is computed using some sort of hashing algorithm (e.g. MD5). RFC 2617 has the details on this: http://www.ietf.org/rfc/rfc2617.txt
On Sat, Mar 1, 2008 at 8:46 AM, sipResearcher <[EMAIL PROTECTED]> wrote: > Hi, > > I have a simple question about SIP messaging. When a SIP client wants to > register to SIP registrar (for example asterisk), it sends a REGISTER > message and receives a Unauthorized message with a nonce value and it > calculates a challenge response using username password and this nonce > value. A looked up to the rfc about regsitration process but I couldn't > understand how it computes this response value. > > What is the formula for this calculation. Which parameters does it use > exactly? > > ________________________________ > > Looking for last minute shopping deals? Find them fast with Yahoo! Search. > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-security mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-security > -- Raj Jain mailto:rj2807 at gmail dot com sip:rjain at iptel dot org _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
