Challenge Response Authentication

  • KenLee

    KenLee - 2011-03-29

    Currently Activa is using the plain text authentication mechanism:

    action: login
    username: some_guy
    secret: some_password

    Response: Success
    Message: Authentication accepted

    There is an alternative challenge response method that is more secure, as the password is not sent in plain text:

    action: challenge
    authtype: md5

    Response: Success
    Challenge: 997876932

    action: login
    authtype: md5
    username: some_guy
    key: md5sum(challenge+some_password)

    Response: Success
    Message: Authentication accepted

    I need to use the challenge response method in my applications.  My questions are:

    1) If I change the login method in activa to challenge response will you developers accept it into the trunk?
    2) Do you want to maintain the plaintext login and have it be configurable as far as which login mechanism gets used?

    Thank you,

    Ken Leland III

  • activatsp

    activatsp - 2011-04-04

    Hi Ken!

    1) Yes! we will accept the change.

    2) From what Asterisk version is supported authentication md5 secret?
    2.1) If it is supported in Asterisk 1.4 and 1.6 and 1.8, I propose make the md5 the default authentication method, but with a registry key to change to plain-text authentication.
    2.2) If it isn't supported in Asterisk 1.4 or 1.6 or 1.8, I propose to preserve the plain-text authentication method as default, and include a check-box in the configuration dialog to enable the md5 authentication.

    The Activa Team

  • RJ2011

    RJ2011 - 2011-04-05

    We tested and 1.4.17 supports the challenge authentication. Is there anyway we can submit the changed files here? This forum doesn't seem to support file attachment.

    To make it work with md5 authentication, we modified following three files and added a md5.h header file.


  • activatsp

    activatsp - 2011-04-06


    you can attach the modified files opening a new "Artifact" at "Traker">"Feature Request"



Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks