?
Solved

SIP digest authentication cloning

Posted on 2004-10-13
6
Medium Priority
?
357 Views
Last Modified: 2006-11-17
I'm looking into the possibility of extracting the secret key of a SIP client that does challenge/response authentication with a server. My knowledge of the SIP protocol is somewhat limited, but as I understand it, it does the following:
1: client initiiates connection with REGISTER
2: server says "401 unauthorized" and provides a challenge (8 hex chars). Field is called "nonce"
3: client sends another REGISTER, with some hash value computed on the server's hex value (one field is called "cnonce", there is also a longer field called "response" that is fairly long).
4: hopefully, server says "200 OK"

This is where my problem comes in. I have no control over the server, and neither do I have control over the client (although I can spy on the traffic using e.g. tcpdump or ethereal). I have let tcpdump run for a few days and I now have a lot of these hash pairs.

The question is, simply, can I use these pairs to make a copy of the original secret? I know that breaking hashes can be difficult. On the other hand, the size of the fields suggest only 2^32 possible values. I have, however, no idea how difficult such a thing would be. For starters, I have no idea what kind of info except the "nonce" field that gets thrown into the hash machine.
 
Just to clarify, I might add that all this is for a legitimate purpose :)
0
Comment
Question by:rpz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Dr-IP
ID: 12304543
The death of all encryption techniques is repetition, and the potential man in the middle is Digest-MD5 authentications primary Achilles' heel. So with enough hashes you can extrapolate the original secret. The real determination of how many you will need depends on the size of the original secret, for which there are mechanisms within Digest-MD5 to obscure, making it harder to determine the secret, but given enough samples these protective measures break down.

If you really want to dwell into the depths of cryptography, and Digest-MD5 authentication, below are links to some reference documents on it.    

http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html
http://www.ietf.org/rfc/rfc2831.txt
http://www.ietf.org/rfc/rfc2829.txt
0
 
LVL 1

Author Comment

by:rpz
ID: 12309543
Yes, that is what I guessed :)

After some googling, it seems that SIP digest auth is closely related to HTTP auth.
http://www.potaroo.net/ietf/idref/rfc2617
http://www.potaroo.net/ietf/idref/draft-ietf-sip-digest-aka

Does anyone know how to break this? If there is a program that can do this, it would be great. If not, some general ideas about how to make one.

0
 
LVL 13

Expert Comment

by:Dr-IP
ID: 12311674
This program claims it can break MD5 hashes.

http://www.insidepro.com/eng/passwordspro.shtml#400
0
 
LVL 1

Author Comment

by:rpz
ID: 12564764
Sorry for not getting back to this question until now. Thank you Dr-IP for your hint. I tried the program, but unfortunately it does not break SIP hashes, it is used for retrieving lost passwords from HTTP digest (something similar but not exactly the same I'm afraid).
I guess hopes for another post is about zero as of now. My original question remains unanswered.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12573506
PAQed with points refunded (250)

modulo
Community Support Moderator
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every year the snow affects people and businesses. According to the Federation of Small Businesses (FSB), in 2009, UK businesses lost an estimated £1.2bn (http://news.bbc.co.uk/1/hi/business/7864804.stm) because of bad weather. This article was c…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question