Solved

SIP digest authentication cloning

Posted on 2004-10-13
Last Modified: 2006-11-17
I'm looking into the possibility of extracting the secret key of a SIP client that does challenge/response authentication with a server. My knowledge of the SIP protocol is somewhat limited, but as I understand it, it does the following:
1: client initiates connection with REGISTER
2: server says "401 unauthorized" and provides a challenge (8 hex chars). Field is called "nonce"
3: client sends another REGISTER, with some hash value computed on the server's hex value (one field is called "cnonce", there is also a longer field called "response" that is fairly long).
4: hopefully, server says "200 OK"

This is where my problem comes in. I have no control over the server, and neither do I have control over the client (although I can spy on the traffic using e.g. tcpdump or ethereal). I have let tcpdump run for a few days and I now have a lot of these hash pairs.

The question is, simply, can I use these pairs to make a copy of the original secret? I know that breaking hashes can be difficult. On the other hand, the size of the fields suggests only 2^32 possible values. I have, however, no idea how difficult such a thing would be. For starters, I have no idea what kind of info except the "nonce" field that gets thrown into the hash machine.
 
Just to clarify, I might add that all this is for a legitimate purpose :)
Question by:rpz
6 Comments
 
LVL 13

Expert Comment

by:Dr-IP
ID: 12304543
The death of all encryption techniques is repetition, and the potential man in the middle is Digest-MD5 authentication's primary Achilles' heel. So with enough hashes you can extrapolate the original secret. The real determination of how many you will need depends on the size of the original secret, for which there are mechanisms within Digest-MD5 to obscure, making it harder to determine the secret, but given enough samples these protective measures break down.

If you really want to delve into the depths of cryptography, and Digest-MD5 authentication, below are links to some reference documents on it.

http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html
http://www.ietf.org/rfc/rfc2831.txt
http://www.ietf.org/rfc/rfc2829.txt
 
LVL 1

Author Comment

by:rpz
ID: 12309543
Yes, that is what I guessed :)

After some googling, it seems that SIP digest auth is closely related to HTTP auth.
http://www.potaroo.net/ietf/idref/rfc2617
http://www.potaroo.net/ietf/idref/draft-ietf-sip-digest-aka

Does anyone know how to break this? If there is a program that can do this, it would be great. If not, some general ideas about how to make one.

0
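An added example, not part of the original thread: since SIP digest authentication reuses the RFC 2617 computation, this sketch shows how a registrar checks the `response` field and therefore exactly which values enter the hash (username, realm, password, method, URI, nonce, nc, cnonce, qop). The sample header and credentials are the published example from RFC 2617 section 3.5 (an HTTP GET); for SIP the method would be `REGISTER` and the URI the SIP request URI. The function names and `HA1_STORE` are assumptions of this example.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header_value):
    """Split 'Digest k="v", k2=v2' into a dict with lower-cased keys."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def expected_response(ha1, method, p):
    """RFC 2617 section 3.2.2: every input that goes into 'response'."""
    ha2 = md5_hex(f"{method}:{p['uri']}")          # binds method and URI
    if p.get("qop") == "auth":
        return md5_hex(
            f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")
    return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")    # no qop: RFC 2069 form

def verify(header_value, method, ha1_store):
    """Server-side check. ha1_store maps (username, realm) to the stored
    HA1 = MD5(username:realm:password); the password itself is not needed."""
    p = parse_digest(header_value)
    ha1 = ha1_store.get((p.get("username"), p.get("realm")))
    if ha1 is None:
        return False
    try:
        want = expected_response(ha1, method, p)
        return hmac.compare_digest(want, p["response"].lower())
    except (KeyError, TypeError):                  # missing or non-ASCII field
        return False

# Example values published in RFC 2617 section 3.5.
SAMPLE = ('Digest username="Mufasa", realm="testrealm@host.com", '
          'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
          'uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", '
          'response="6629fae49393a05397450978507c4ef1"')
HA1_STORE = {("Mufasa", "testrealm@host.com"):
             md5_hex("Mufasa:testrealm@host.com:Circle Of Life")}

if __name__ == "__main__":
    print(verify(SAMPLE, "GET", HA1_STORE))
```

The `response` value is a full 128-bit MD5 output over the stored secret plus the per-request fields, so how well the scheme resists guessing from captured traffic rests on the strength of the password, not on the length of the nonce.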
 
LVL 13

Expert Comment

by:Dr-IP
ID: 12311674
This program claims it can break MD5 hashes.

http://www.insidepro.com/eng/passwordspro.shtml#400
 
LVL 1

Author Comment

by:rpz
ID: 12564764
Sorry for not getting back to this question until now. Thank you Dr-IP for your hint. I tried the program, but unfortunately it does not break SIP hashes; it is used for retrieving lost passwords from HTTP digest (something similar but not exactly the same, I'm afraid).
I guess hopes for another post are about zero as of now. My original question remains unanswered.
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12573506
PAQed with points refunded (250)

modulo
Community Support Moderator
