Child pages
  • Can I provide encrypted user passwords via mass deployment


Contents

Answer

No, encryption is not possible. There is one way to improve the password security during provisioning:

To provision the parameter "user_hash" instead of "user_pass"

user_hash = md5(user:realm:pass)

where

user = Account = user_name
realm = Registrar = user_host
pass = Password = user_pass

This method will hide the password information, however the hash value can be used to authenticate the SIP account on the server.

MD5 has been severely compromised and is considered as not really secure. The only complete protection can be achieved by an encrypted connection between phone and provisioning server. For more information, please read Securing Snom phones more effectively.