[Serusers] encryption on authorization
Jan Janak
J.Janak at sh.cvut.cz
Wed Jan 15 12:58:13 CET 2003
Hello, comments inline.
On 03-01 10:17, Karsten Knüttel wrote:
> Hi there,
>
> In a REGISTER case there is a HeaderField AUTHORIZATION. The usual
> encryption algorithm is "MD5".
MD5 is used for hash computation, not for encryption.
> Is it possible to REGISTER without any encryption?
There is no encryption used, the Authorization header field is used
for authorization only, not for encryption.
> Please give a statement if I understood everything right or correct me:
>
> Digest Username => not encrypted;
> realm =>not encrypted;
> URI =>not encrypted;
>
> Nonce => encrypted => is Password?
> Response => encrypted => what´s that?
Nonce is a string generated by the server, client uses the string to compute
response.
Response is a string computed by the client, among other things, it is a
hash of username, password and so on. The server then recalculates the
response and if it is same, the user is authenticated.
regards, Jan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20030115/cd8daed1/attachment.pgp>
More information about the sr-users
mailing list