[VOIPSEC] FWD - Hotel and Wfi Insecurity, including SIP
pwalenta at wi.rr.com
Mon Nov 21 14:07:31 GMT 2005
I never meant to imply that the digest SIP uses was insecure, merely that by
doing a little social engineering, it can be broken like many other
passwords due to user habits.
Will there ever be something "totally unbreakable"? Possibly, but not in
our lifetimes IMHO. As CPU speed increases, brute-force becomes easier to
I just read a fiction book written by Dan Brown (author of the Da Vinci
Code). It was named "Digital Fortress" where the central premise is that
the NSA has a 3000 CPU system that can break any encryption in like 6
minutes, and then a guy comes up with some sort of encryption with a
mutating key which fouls the whole thing up. Given that I'm not a
cryptographer, I don't know if this is even close to possible, but I would
surmise that a mutating key could possibly be the only possibility at a
truly uncrackable scheme.
Going back to one of my other points, if users were more often forced to use
non-sensical passwords, most of the security issues discussed here would
become inherently more secure. I actually joined this list because I saw
someone from Cisco give a presentation on some fundamental network stuff you
can do to thwart would-be attackers. It peaked my interest ever since and
I've found the discussions here quite fascinating, and enlightening (and
scary?). As an independent consultant I intend to use what I see here to
better improve what I offer my customers, and can give them much more
informed analysis of what they are trying to achieve.
Keep up the good work folks!
From: Richard Clayton [mailto:richard at highwayman.com]
Sent: Monday, November 21, 2005 3:33 AM
To: Philip Walenta
Cc: voipsec at voipsa.org
Subject: Re: [VOIPSEC] FWD - Hotel and Wfi Insecurity, including SIP
-----BEGIN PGP SIGNED MESSAGE-----
SIP is not a hash :( but I think I see what you mean...
richard Richard Clayton
More information about the Voipsec