FAQ/Can I provide encrypted user passwords via mass deployment
From Snom User Wiki
Languages: English • Deutsch |
Answer
No, encryption is not possible. There is one way to improve the password security during provisioning: Provisioning of the configuration parameter "user_hash" instead of "user_pass":
user_hash = md5(user:realm:pass)
where
user = Account = user_name realm = Registrar = user_host pass = Password = user_pass
This method will hide the password information, however the hash value can be used to authenticate the SIP account on the server.
The only complete protection can be achieved using factory provisioned phone certificates. Starting with FW Version 8 the snom root CA will be used to derive an intermediary signing authority. This intermediary certificate will be used to sign phone certificates that will be provisioned at production time. The intermediary certificate will also be carried in the phone firmware to validate firmware and also in the future to verify provisioning/telephony servers.
Auto Provisioning
Products > Configuration
Products > Documentation > HowTo > HowTo:Auto Provisioning > Auto Provisioning
Products > FAQ
Products > FAQ
Products > FAQ > FAQ:Auto Provisioning
Products > Features
Products > Features > Configuration features
Products > Features > Security features > Secure SIP > FAQ:Secure SIP
Products > IP phones > Snom3x0 > FAQ:snom3x0
Products > Network > SIP