[Live-devel] RTSPServer authentication is secure?
leonardo.citraro at dos-web.net
leonardo.citraro at dos-web.net
Thu Jun 16 13:31:22 PDT 2016
interesting, this makes the access to the stream secure but what about
after the authentication? If I succesfully initiate an RTSP stream I
have a flow of packets comming to my client. Are these packets encypted
or protected in some way from bad guys "sniffing" my network?
Best
Leonardo Citraro
Il 2016-06-16 21:59 Ross Finlayson ha scritto:
> Yes, the RTSP digest authentication protocol is secure; passwords do
> not get sent over the net.
>
> Instead, the way it works is that server sends, to the client, a
> randomly generated string (i.e., different each time) - called a
> “nonce”; see
> https://en.wikipedia.org/wiki/Cryptographic_nonce
> - as a challenge. The client then responds by computing a
> cryptographic hash of the ‘nonce' and the password, and sending this
> hash back to the server. (The cryptographic hash cannot practically
> be reversed, so an eavesdropper cannot deduce the password from the
> hash.) The server then compares this hash with what it knows that
> the
> hash should be (from its known password), to check whether the client
> knew the correct password.
>
>
> Ross Finlayson
> Live Networks, Inc.
> http://www.live555.com/
>
>
> _______________________________________________
> live-devel mailing list
> live-devel at lists.live555.com
> http://lists.live555.com/mailman/listinfo/live-devel
More information about the live-devel
mailing list