rtsp server authentication
cjvijf at gmail.com
Thu May 9 19:31:20 UTC 2019
I didn't see the original message, but "basic authentication", depending
on with what, is done with hmac-sha1 or hmac-md5, which technically is not
encryption, but a "one way hash", it can be "decrypted", but tends to be A
LOT of work and is not a one-on-one "process" or result. typically it
depends on the mechanism. Onvif for example uses a client generated
"nonce", a date string and password. using hmac-sha1 (the a special case of
hmac-sha1) if not mistaken TLS uses the same mechanism. other "mechanisms"
(used in simple routers and smart devices), the device sends out a key,
which is used to hash (one way hash) similar things (date, public key,
password) with hmac-md5.
So theoretically you can reverse engineer (or crack) it, but it is not
trivial. (if it were it would be pretty worthless).
Most of these device also accept the password in clear text, so for
testing/debugging purposes you could have the server you built, accept it
in clear text for debugging.
On Thu, May 9, 2019 at 12:13 PM Michael MacIntosh <
mmacintosh at linear-systems.com> wrote:
> If you are using basic authentication, it should be under the
> "authorization" header.
> Digest Authentication is going to be harder to get the password from.
> Hope that helps!
> On 5/9/2019 8:09 AM, thierry wrote:
> > Hi all ,
> > I implemented a rtsp server with authentication with success.
> > Now , i try to intercept the passord transmit by rtsp client ( i need
> > it)
> > Do you know if it is possible and how ?
> > Thx a lot
> > Thy
> > --
> > Sent from: http://gstreamer-devel.966125.n4.nabble.com/
> > _______________________________________________
> > gstreamer-devel mailing list
> > gstreamer-devel at lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/gstreamer-devel
> gstreamer-devel mailing list
> gstreamer-devel at lists.freedesktop.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the gstreamer-devel