interesting, this makes the access to the stream secure but what about
after the authentication? If I succesfully initiate an RTSP stream I
have a flow of packets comming to my client. Are these packets encypted
or protected in some way from bad guys "sniffing" my network?
Best
Leonardo Citraro
Il 2016-06-16 21:59 Ross Finlayson ha scritto:
Yes, the RTSP digest authentication protocol is secure; passwords do
not get sent over the net.
Instead, the way it works is that server sends, to the client, a
randomly generated string (i.e., different each time) - called a
“nonce”; see
https://en.wikipedia.org/wiki/Cryptographic_nonce
- as a challenge. The client then responds by computing a
cryptographic hash of the ‘nonce' and the password, and sending this
hash back to the server. (The cryptographic hash cannot practically
be reversed, so an eavesdropper cannot deduce the password from the
hash.) The server then compares this hash with what it knows that
the
hash should be (from its known password), to check whether the client
knew the correct password.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel
