[EMAIL PROTECTED] wrote:
On Thursday 23 June 2005 19:57, Brian West wrote:
With inband its at least not sent in clear text.
It's trivial to pull DTMF out of an inband stream too. Perhaps not AS
trivial
but just the same, you should be using SRTP if you're paranoid about this
kind of thing.
We are on a real world... Every cyber cafe has its own little
hacker/cracker that is sniffing out... A simple ethereal capture could
give me a bank pin number... It is REALLY trivial!
I think the point(s) the others are trying to make:
1- It is not feasible to use inband in G.729 (or, as far as I know, any
other compressed codec), and that is final. Other than that.
2- Out-of-band is as safe/unsafe as having the conversation recorded,
including pin, by the hacker, if no encrypted voice path is being used.
as others mentioned, DTMF tones would be very "obvious" in a trace
(maybe someone may want to post an example). Remember, if the other end
need to be able to "regenerate" the DTMF info, it MUST be present in the
stream, so is as easy/hard as the other endpoint 'decoding' it.
PS: I seem to recall some Voice over data products that would upspeed to
G.711, upon detecting of DTMF tones, this may have given someone the
wrong impression, that the DTMF was being sent as G.729, when it was not
in fact.
[], <O-O>
_______________________________________________
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
