FAQ/Can I provide encrypted user passwords via mass deployment

From Snom User Wiki

Jump to: navigation, search
Languages: English • Deutsch


No, encryption is not possible. There is one way to improve the password security during provisioning: Provisioning of the configuration parameter "user_hash" instead of "user_pass":

user_hash = md5(user:realm:pass)


user = Account = user_name
realm = Registrar = user_host
pass = Password = user_pass

This method will hide the password information, however the hash value can be used to authenticate the SIP account on the server.

The only complete protection can be achieved using factory provisioned phone certificates. Starting with FW Version 8 the snom root CA will be used to derive an intermediary signing authority. This intermediary certificate will be used to sign phone certificates that will be provisioned at production time. The intermediary certificate will also be carried in the phone firmware to validate firmware and also in the future to verify provisioning/telephony servers.

Personal tools