<div dir="ltr"><div><div>Hi Bogdan,<br><br></div>Sorry for very late reply. I couldn't find any implementation if <b>EC-SRP </b>yet. <br></div>However, Ejabbered implemented <a href="https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism" target="_blank">https://en.wikipedia.org/wiki/<wbr>Salted_Challenge_Response_<wbr>Authentication_Mechanism <b>(SCRAM)</b></a><br><div><div class="gmail_extra"><br></div><div class="gmail_extra">This is interesting model and can be adopted for SIP based services as well. <br><br clear="all"></div><div class="gmail_extra"><div><div class="gmail-m_7932707361344514541gmail_signature"><div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)">--<br>regards,</span></span></font></div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)"><br>abdul basit | p: +92 32 1416 4196 | o: +92 30 0841 1445</span></span></font></div></div>
<br><div class="gmail_quote">On Fri, Mar 10, 2017 at 8:29 PM, Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@opensips.org" target="_blank">bogdan@opensips.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF">
    <tt>Hi Abdul,<br>
      <br>
      I see that's a draft, so hard to judge on how far it will get. And
      something like this is not on our roadmap, maybe because of its
      very, very low priority in terms of needs. Do you have any idea if
      anyone actually implemented this ?<br>
      <br>
      Regards,<br>
    </tt><span>
    <pre class="gmail-m_7932707361344514541m_4004877212961155698moz-signature" cols="72">Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  <a class="gmail-m_7932707361344514541m_4004877212961155698moz-txt-link-freetext" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.<wbr>com</a>

OpenSIPS Summit May 2017 Amsterdam
  <a class="gmail-m_7932707361344514541m_4004877212961155698moz-txt-link-freetext" href="http://www.opensips.org/events/Summit-2017Amsterdam.html" target="_blank">http://www.opensips.org/events<wbr>/Summit-2017Amsterdam.html</a>
</pre>
    </span><div><div class="gmail-m_7932707361344514541h5"><div class="gmail-m_7932707361344514541m_4004877212961155698moz-cite-prefix">On 03/09/2017 12:37 PM, Abdul Basit
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>
              <div>Hi Geeks,<br>
                <br>
              </div>
              While exploring further I found a draft explaining
              elliptic curve secure remote protocol (<b>EC-SRP</b>) for
              SIP authentication<br>
              <a href="https://tools.ietf.org/html/draft-liu-sipcore-ec-srp5-03" target="_blank">https://tools.ietf.org/html/dr<wbr>aft-liu-sipcore-ec-srp5-03</a><br>
              <br>
            </div>
            This explanation seems align with my requirements of not
            storing password in database.<br>
            UAC and UAS both should support EC-SRP.<br>
            <br>
          </div>
          Do we have any road-map of opensips implementing of EC-RSP or
          similar authentication mechanism?<br>
        </div>
        <div>I will check the same with PJSIP because i couldn't find
          any traces on their forum as well. <br>
        </div>
        <div class="gmail_extra"><br clear="all">
          <div>
            <div class="gmail-m_7932707361344514541m_4004877212961155698gmail_signature">
              <div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)">--<br>
                      regards,</span></span></font></div>
              <font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)"><br>
                    abdul basit<br>
                    <br>
                  </span></span></font></div>
          </div>
          <br>
          <div class="gmail_quote">On Wed, Mar 8, 2017 at 9:53 PM, Abdul
            Basit <span dir="ltr"><<a href="mailto:basit.engg@gmail.com" target="_blank">basit.engg@gmail.com</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
              <div dir="ltr">
                <div>
                  <div>Hi Bogdan,<br>
                    <br>
                  </div>
                  I am using PJSIP as UAC and Opensips as UAS with
                  radius for AAA.<br>
                </div>
                I wanted to avoid getting into the code but let me check
                the flexibility.<br>
                <br>
                Thank you for your reply :)<br>
                <div class="gmail_extra">
                  <div>
                    <div class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail_signature">
                      <div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)"><br>
                              --<br>
                              regards,</span></span></font></div>
                      <font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)"><br>
                            abdul basit</span></span></font></div>
                  </div>
                  <div>
                    <div class="gmail-m_7932707361344514541m_4004877212961155698gmail-h5">
                      <br>
                      <div class="gmail_quote">On Wed, Mar 8, 2017 at
                        1:34 AM, Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@opensips.org" target="_blank"></a><a class="gmail-m_7932707361344514541m_4004877212961155698moz-txt-link-abbreviated" href="mailto:bogdan@opensips.org" target="_blank">bogdan@opensips.org</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                          <div bgcolor="#FFFFFF"> <tt>Hi Abdul,<br>
                              <br>
                              Besides the digest auth, there is no other
                              standard auth mechanism for SIP, AFAIK.<br>
                              <br>
                              If you have control over the SIP UAC, of
                              course, you could try to build your own
                              auth mechanism - OpenSIPS offers enough
                              flexibility in terms of both header
                              manipulation and data computing.<br>
                              <br>
                              Regards,<br>
                            </tt>
                            <pre class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-signature" cols="72">Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  <a class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-txt-link-freetext" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.<wbr>com</a>

OpenSIPS Summit May 2017 Amsterdam
  <a class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-txt-link-freetext" href="http://www.opensips.org/events/Summit-2017Amsterdam.html" target="_blank">http://www.opensips.org/events<wbr>/Summit-2017Amsterdam.html</a>
</pre><div><div class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-h5">
    <div class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-cite-prefix">On 03/07/2017 10:26 AM, Abdul Basit
      wrote:

    </div>
    </div></div><blockquote type="cite"><div><div class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-h5">
      <div dir="ltr">
        <div>
          <div>
            <div>Hi,

              

            </div>
            I have a scenario where I will create password <span style="color:rgb(153,0,0)">HASH</span> = <span style="color:rgb(153,0,0)">SALT</span> + <span style="color:rgb(32,18,77)">STRING</span> and save <span style="color:rgb(153,0,0)">SALT</span> and resulted <span style="color:rgb(153,0,0)">HASH</span> only in DB.

            

            I will transport random <span style="color:rgb(12,52,61)">STRING</span>
            value to my custom sip application as password.

            

          </div>
          Digest authentication is not comply with this requirement.

          

          Is that any supported authentication mechanism that can
          fulfill this requirement.

        </div>
        or is there any more appropriate authentication mechanism by
        opensips/kamailio? 

        <div>
          <div>

          </div>
          <div>One of the objectives is in case DB will compromise,
            users passwords will not available because random <span style="color:rgb(12,52,61)">STRING will not store in DB.

            </span></div>
          <div>

          </div>
          <div>Looking forward for suggestions and comments.

            

          </div>
          <div>
            <div>
              <div>
                <div class="gmail_extra">
                  <div>
                    <div class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607gmail_signature">
                      <div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)">--

                              regards,</span></span></font></div>
                      <font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)">

                            abdul basit

                          </span></span></font></div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      

      <fieldset class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607mimeAttachmentHeader"></fieldset>
      

      </div></div><pre>______________________________<wbr>_________________
Users mailing list
<a class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a class="gmail-m_7932707361344514541m_4004877212961155698gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a>
</pre>
    </blockquote>
    

  </div>

</blockquote></div>
</div></div></div></div>
</blockquote></div>
</div></div>



</blockquote>
</div></div></div></blockquote></div><br></div></div></div>