Solved

SIP digest authentication cloning

Posted on 2004-10-13
Last Modified: 2006-11-17
I'm looking into the possibility of extracting the secret key of a SIP client that does challenge/response authentication with a server. My knowledge of the SIP protocol is somewhat limited, but as I understand it, it does the following:
1: client initiates connection with REGISTER
2: server says "401 unauthorized" and provides a challenge (8 hex chars). Field is called "nonce"
3: client sends another REGISTER, with some hash value computed on the server's hex value (one field is called "cnonce", there is also a longer field called "response" that is fairly long).
4: hopefully, server says "200 OK"

This is where my problem comes in. I have no control over the server, and neither do I have control over the client (although I can spy on the traffic using e.g. tcpdump or ethereal). I have let tcpdump run for a few days and I now have a lot of these hash pairs.

The question is, simply, can I use these pairs to make a copy of the original secret? I know that breaking hashes can be difficult. On the other hand, the size of the fields suggests only 2^32 possible values. I have, however, no idea how difficult such a thing would be. For starters, I have no idea what kind of info except the "nonce" field that gets thrown into the hash machine.
 
Just to clarify, I might add that all this is for a legitimate purpose :)
Question by:rpz
6 Comments
 
LVL 13

Expert Comment

by:Dr-IP
ID: 12304543
The death of all encryption techniques is repetition, and the potential man in the middle is Digest-MD5 authentication's primary Achilles' heel. So with enough hashes you can extrapolate the original secret. The real determination of how many you will need depends on the size of the original secret, for which there are mechanisms within Digest-MD5 to obscure, making it harder to determine the secret, but given enough samples these protective measures break down.

If you really want to delve into the depths of cryptography, and Digest-MD5 authentication, below are links to some reference documents on it.

http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html
http://www.ietf.org/rfc/rfc2831.txt
http://www.ietf.org/rfc/rfc2829.txt
0
 
LVL 1

Author Comment

by:rpz
ID: 12309543
Yes, that is what I guessed :)

After some googling, it seems that SIP digest auth is closely related to HTTP auth.
http://www.potaroo.net/ietf/idref/rfc2617
http://www.potaroo.net/ietf/idref/draft-ietf-sip-digest-aka

Does anyone know how to break this? If there is a program that can do this, it would be great. If not, some general ideas about how to make one.

0
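The RFC 2617 digest computation linked in the comment above, shown from the verifying (registrar) side as an added example; it is not part of any post in this thread and not code from any SIP product. The function names, the `example.invalid` realm and the sample header are constructed for illustration, and the code assumes the MD5 algorithm with `qop` either absent or `auth`.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 section 3.2.2: the value carried in the 'response' field."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # secret-dependent part
    ha2 = md5_hex(f"{method}:{uri}")                  # request-dependent part
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")            # no qop offered

def parse_authorization(header):
    """Split 'Digest k="v", k2=v2, ...' into a dict of lower-cased keys."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): (quoted or bare) for key, quoted, bare in pairs}

def verify_register(header, method, password, issued_nonces):
    """Registrar-side check: nonce must be one we issued, response must match."""
    f = parse_authorization(header)
    required = ("username", "realm", "uri", "nonce", "response")
    if any(k not in f for k in required):
        return False
    if f["nonce"] not in issued_nonces:               # reject unknown/replayed nonce
        return False
    expected = digest_response(f["username"], f["realm"], password, method,
                               f["uri"], f["nonce"], f.get("qop"),
                               f.get("nc"), f.get("cnonce"))
    # Constant-time comparison so timing does not leak matching prefixes.
    return hmac.compare_digest(expected.encode(), f["response"].encode())

def constructed_register_header(password="constructed-secret"):
    """Constructed sample: the Authorization header of the second REGISTER."""
    fields = dict(username="alice", realm="example.invalid",
                  uri="sip:example.invalid", nonce="3f9a1c07",
                  qop="auth", nc="00000001", cnonce="0a4f113b")
    resp = digest_response(fields["username"], fields["realm"], password,
                           "REGISTER", fields["uri"], fields["nonce"],
                           fields["qop"], fields["nc"], fields["cnonce"])
    return ('Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            'uri="{uri}", qop={qop}, nc={nc}, cnonce="{cnonce}", '
            'response="{0}"').format(resp, **fields)
```

The `response` field is a full 128-bit MD5 value computed over the username, realm, password, method, URI and nonce (plus `nc` and `cnonce` when `qop=auth` is used), while `cnonce` is a client-chosen input rather than a hash.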
 
LVL 13

Expert Comment

by:Dr-IP
ID: 12311674
This program claims it can break MD5 hashes.

http://www.insidepro.com/eng/passwordspro.shtml#400
0
 
LVL 1

Author Comment

by:rpz
ID: 12564764
Sorry for not getting back to this question until now. Thank you Dr-IP for your hint. I tried the program, but unfortunately it does not break SIP hashes; it is used for retrieving lost passwords from HTTP digest (something similar but not exactly the same, I'm afraid).
I guess hopes for another post are about zero as of now. My original question remains unanswered.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12573506
PAQed with points refunded (250)

modulo
Community Support Moderator
0
