Hi, does any one use md5secret in the sip.conf files, so the secret is not in clear text?
How can I do that from the PBX Manager interface?
I will like to create each extension with a non clear text password. Of course, this will give us another issue, how to do the auto provision?
Any help, will be appreciated.
No. As we have lot of agents
No.
As we have lot of agents that do the installations of the sip phones, they know the passwords and also the call center that attend the customers can see the passwords of any customer. What I want to do is to hide this sensible information.
you cant decrypt md5 .. so
you cant decrypt md5 .. so lets say you autocreate an extension, how is your customer even going to know what the password is?
I have also been wondering
I have also been wondering about this curious feature... exactly how then do you use MD5 encrypted password?
Is the idea to send the MD5 hashed password already hashed? so that it the hashed text that "could" be snooped? if so does that mean the hw phone actually has the md5 has in the password field?
Hi Erik, First of all, I
Hi Erik,
First of all, I didn't try it yet, I just want to know if somebody did something so I can get his experience.
In our company, we don´t give the password for the customers, we do the phone provisioning and set them with the auto provision, so the phone will get the configuration with the user and password, so is not necessary to store the password in clear text.
Is like the old way unix handle the /etc/password and then appears the shadow-passwords. The only exceptions will be the soft-phones, where the user need to know the password, but this can be less than 50% of the extensions, so implementing an encrypted password will improve the security because will be less information available to call center users and field service agents.
Are you trying to avoid a man-in-the-middle attack?
-Matt