[VOIPSEC] FWD - Hotel and Wfi Insecurity, including SIP

[Philip Walenta]

I never meant to imply that the digest SIP uses was insecure, merely that by
doing a little social engineering, it can be broken like many other
passwords due to user habits.

Will there ever be something "totally unbreakable"?  Possibly, but not in
our lifetimes IMHO.  As CPU speed increases, brute-force becomes easier to
do.

I just read a fiction book written by Dan Brown (author of the Da Vinci
Code).  It was named "Digital Fortress" where the central premise is that
the NSA has a 3000 CPU system that can break any encryption in like 6
minutes, and then a guy comes up with some sort of encryption with a
mutating key which fouls the whole thing up.  Given that I'm not a
cryptographer, I don't know if this is even close to possible, but I would
surmise that a mutating key could possibly be the only possibility at a
truly uncrackable scheme.

Going back to one of my other points, if users were more often forced to use
non-sensical passwords, most of the security issues discussed here would
become inherently more secure.  I actually joined this list because I saw
someone from Cisco give a presentation on some fundamental network stuff you
can do to thwart would-be attackers.  It peaked my interest ever since and
I've found the discussions here quite fascinating, and enlightening (and
scary?).  As an independent consultant I intend to use what I see here to
better improve what I offer my customers, and can give them much more
informed analysis of what they are trying to achieve.

Keep up the good work folks!


-----Original Message-----
From: Richard Clayton [mailto:richard at highwayman.com] 
Sent: Monday, November 21, 2005 3:33 AM
To: Philip Walenta
Cc: voipsec at voipsa.org
Subject: Re: [VOIPSEC] FWD - Hotel and Wfi Insecurity, including SIP

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


SIP is not a hash :(  but I think I see what you mean...

- -- 
richard                                                  Richard Clayton