Can I provide encrypted user passwords via mass deployment

Answer

No, encryption is not possible. There is one way to improve the password security during provisioning:

To provision the parameter "user_hash" instead of "user_pass"

user_hash = md5(user:realm:pass)

where

user = Account = user_name
realm = Registrar = user_host
pass = Password = user_pass

realm

Be sure to use realm while generating the hash: can happen that realm is different from registrar / SIP server

This method will hide the password information, however the hash value can be used to authenticate the SIP account on the server.

MD5 has been severely compromised and is considered as not really secure. The only complete protection can be achieved by an encrypted connection between phone and provisioning server. For more information, please read Securing Snom phones more effectively.

Further Information

Related articles

Page:

802.1X
Page:

<certificates> tag
Page:

<dialplan> tag
Page:

<functionKeys> tag
Page:

<gui-languages>, <web-languages>tag
Page:

<phone-settings> tag
Page:

<ReplacementPlan> tag
Page:

<Setting-Files> tag
Page:

<tbook>,<phone-book> tag
Page:

<uploads> tag
Page:

A150 / A170 DECT Encryption
Page:

Auto Provisioning
Page:

Basic setting provisioning via DHCP
Page:

Can I provide encrypted user passwords via mass deployment
Page:

Can I use self-signed certificates for secure provisioning

Page tree

Can I provide encrypted user passwords via mass deployment

Answer