Solved

SIP digest authentication cloning

Posted on 2004-10-13
Last Modified: 2006-11-17
I'm looking into the possibility of extracting the secret key of a SIP client that does challenge/response authentication with a server. My knowledge of the SIP protocol is somewhat limited, but as I understand it, it does the following:
1: client initiates connection with REGISTER
2: server says "401 unauthorized" and provides a challenge (8 hex chars). Field is called "nonce"
3: client sends another REGISTER, with some hash value computed on the server's hex value (one field is called "cnonce", there is also a longer field called "response" that is fairly long).
4: hopefully, server says "200 OK"

This is where my problem comes in. I have no control over the server, and neither do I have control over the client (although I can spy on the traffic using e.g. tcpdump or ethereal). I have let tcpdump run for a few days and I now have a lot of these hash pairs.

The question is, simply, can I use these pairs to make a copy of the original secret? I know that breaking hashes can be difficult. On the other hand, the size of the fields suggests only 2^32 possible values. I have, however, no idea how difficult such a thing would be. For starters, I have no idea what kind of info except the "nonce" field that gets thrown into the hash machine.
 
Just to clarify, I might add that all this is for a legitimate purpose :)
Question by:rpz
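
SIP (RFC 3261) reuses the HTTP Digest scheme of RFC 2617, which the thread links further down. As an added example that is not part of the original thread, this is the server-side check of the second REGISTER in the exchange above; the function names, the pre-parsed header dict and all sample values are constructed for illustration.

```python
import hashlib
import hmac

def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def expected_response(username, realm, password, method, uri, nonce,
                      qop=None, nc=None, cnonce=None):
    """Digest 'response' value as defined in RFC 2617 section 3.2.2."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")  # secret, bound to user and realm
    ha2 = _md5_hex(f"{method}:{uri}")                 # the request being authorized
    if qop is None:
        # Older form without qop: no cnonce or nonce count in the hash
        return _md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth" or not nc or not cnonce:
        raise ValueError("this sketch handles qop=auth with nc and cnonce only")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify(params, method, password, issued_nonces):
    """Check an already-parsed Authorization header against the stored password."""
    nonce = params.get("nonce")
    if nonce not in issued_nonces:
        return False                      # not a challenge this server issued
    issued_nonces.discard(nonce)          # one-time use: a replayed response fails
    try:
        want = expected_response(params["username"], params["realm"], password,
                                 method, params["uri"], nonce, params.get("qop"),
                                 params.get("nc"), params.get("cnonce"))
    except (KeyError, ValueError):
        return False
    got = str(params.get("response", ""))
    return hmac.compare_digest(want.encode(), got.encode())  # constant-time compare

def demo():
    """Constructed REGISTER exchange: first attempt accepted, replay rejected."""
    secret = "constructed-secret"
    params = {"username": "alice", "realm": "sip.example.test",
              "uri": "sip:sip.example.test", "nonce": "3f2a9c1e",
              "qop": "auth", "nc": "00000001", "cnonce": "7b1d44e0"}
    params["response"] = expected_response(
        params["username"], params["realm"], secret, "REGISTER", params["uri"],
        params["nonce"], params["qop"], params["nc"], params["cnonce"])
    nonces = {"3f2a9c1e"}                 # challenges the server has handed out
    first = verify(dict(params), "REGISTER", secret, nonces)
    replay = verify(dict(params), "REGISTER", secret, nonces)
    return first, replay

if __name__ == "__main__":
    print(demo())
```

Everything in the hash except the password is visible on the wire, so the scheme is only as strong as the password itself; carrying SIP over TLS keeps the exchange away from passive capture.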
6 Comments
 

Expert Comment

by:Dr-IP
The death of all encryption techniques is repetition, and the potential man in the middle is Digest-MD5 authentication's primary Achilles' heel. So with enough hashes you can extrapolate the original secret. The real determination of how many you will need depends on the size of the original secret, for which there are mechanisms within Digest-MD5 to obscure, making it harder to determine the secret, but given enough samples these protective measures break down.

If you really want to delve into the depths of cryptography, and Digest-MD5 authentication, below are links to some reference documents on it.

http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html
http://www.ietf.org/rfc/rfc2831.txt
http://www.ietf.org/rfc/rfc2829.txt

Author Comment

by:rpz
Yes, that is what I guessed :)

After some googling, it seems that SIP digest auth is closely related to HTTP auth.
http://www.potaroo.net/ietf/idref/rfc2617
http://www.potaroo.net/ietf/idref/draft-ietf-sip-digest-aka

Does anyone know how to break this? If there is a program that can do this, it would be great. If not, some general ideas about how to make one.


Expert Comment

by:Dr-IP
This program claims it can break MD5 hashes.

http://www.insidepro.com/eng/passwordspro.shtml#400

Author Comment

by:rpz
Sorry for not getting back to this question until now. Thank you, Dr-IP, for your hint. I tried the program, but unfortunately it does not break SIP hashes; it is used for retrieving lost passwords from HTTP digest (something similar but not exactly the same, I'm afraid).
I guess hopes for another post are about zero as of now. My original question remains unanswered.

Accepted Solution

by:
modulo earned 0 total points
PAQed with points refunded (250)

modulo
Community Support Moderator