Very Hot Topic (More than 25 Replies) Encryption: TLS, SRTP & ZRTP (Read 279274 times)
botyhc
Junior Member
**
Offline


Phoner is great!

Posts: 95
Joined: 02. May 2010
Re: Encryption: TLS, SRTP & ZRTP
Reply #30 - 21. Jan 2011 at 05:15
It is working for direct IP to IP, and it also shows ZRTP in the tooltip along with the SAS. This is good.
Can you control which SIP and RTP ports are used? Let us say I am behind a router with NAT and I want to forward the ports; would it be possible to do peer to peer if I forward the ports?
Have you tested with STUN, with one PhonerLite behind router A and another PhonerLite behind router B, where router A and router B are not on a LAN but on the internet and know each other's public IP?

I don't know why it is not working with a FreeSWITCH server and two PhonerLites connected to the same FreeSWITCH. SRTP is working but not ZRTP. How can SRTP work and not ZRTP? FreeSWITCH is known to allow ZRTP to pass through also.
  
 
deti
Junior Member
**
Offline



Posts: 93
Location: Prien am Chiemsee
Joined: 16. Dec 2006
Gender: Male
Re: Encryption: TLS, SRTP & ZRTP
Reply #31 - 21. Jan 2011 at 10:03
botyhc wrote on 21. Jan 2011 at 05:15:
> Can you control which SIP and RTP ports are used? Let us say I am behind a router with NAT and I want to forward the ports; would it be possible to do peer to peer if I forward the ports?

SIP:
If your router allows UPnP NAT and you checked it in your PhonerLite config, it should work. It may be necessary that you set your Local Port in PhonerLite to a value other than 5060.
RTP:
I can't say, but I guess no.
  
 
Phoner Admin
YaBB Administrator
*****
Offline



Posts: 11556
Location: Germany
Joined: 12. Oct 2003
Gender: Male
Re: Encryption: TLS, SRTP & ZRTP
Reply #32 - 21. Jan 2011 at 12:40
If you configure PhonerLite to use port 5060, then for the first call port 5062 is used for RTP. Every additional call uses a port number incremented by 2.
If such a port can't be opened, a random port is used.
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #33 - 31. Jan 2011 at 11:36
I tested ZRTP with OpenSIPS and I see what you posted earlier. I also see the new version has a tick mark. This is very nice. Thanks!

Please reconsider the option of not falling back from TLS to TCP/UDP, as it compromises security. Perhaps you can add an option or box saying Strict? If the user selects it, then no fallback. If the user doesn't, then allow fallback. Something like this. This would make it a very secure VoIP client.
  
Phoner Admin
Re: Encryption: TLS, SRTP & ZRTP
Reply #34 - 31. Jan 2011 at 13:22
So ZRTP is working now for you?
I will think about such an option.
  
 
brahman
YaBB Newbies
*
Offline


Phoner is great!

Posts: 24
Joined: 16. Jul 2006
Re: Encryption: TLS, SRTP & ZRTP
Reply #35 - 31. Jan 2011 at 20:03
I was very excited when I found out today that Phoner supports ZRTP! Yeah! Great work! Thank you so, so much!

I would also like to support the request to make a "connect with ZRTP only - disconnect all other" option for optimum security.

Imagine being in China or Egypt and thinking you are making a secure phone call, but having your phone call monitored by the authorities. A small moment of diversion could have dire consequences.

Regards,

Brahman
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #36 - 01. Feb 2011 at 00:10
Yes, ZRTP is working. I will try with SIP Communicator also and see.

> I will think about such option.
Thanks

Yes, having an option to not change from what the user specifies among TLS, TCP, UDP is needed.
Also, like the other post, there should similarly be no fallback from SRTP or ZRTP based on what the user specifies. PhonerLite has so many nice security features, and the above two things are needed in order to truly make it secure.
  
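The no-fallback behaviour requested in the replies above can be checked from the signalling itself. The following is an added example, not part of the original thread and not PhonerLite's code: it reads the transport from the Via header and the media profile from the SDP answer, and in strict mode refuses a call that came back weaker than configured. The function names and the sample message are constructed for illustration, and SRTP keying via `a=crypto` (SDES) is assumed.

```python
import re

# Constructed SIP answer; addresses, branch and key material are made up.
SAMPLE_ANSWER = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bK-constructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.20",
    "s=-",
    "c=IN IP4 192.0.2.20",
    "t=0 0",
    "m=audio 5062 RTP/SAVP 0 8",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDKEYMATERIAL",
])

def negotiated(message):
    """Return (signalling transport, media protection) seen in a SIP message."""
    head, _, sdp = message.partition("\r\n\r\n")
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    transport = via.group(1).upper() if via else None
    m_line = re.search(r"^m=audio \d+ (\S+)", sdp, re.M)
    profile = m_line.group(1) if m_line else None
    # SRTP needs both the secure profile and key material in the answer.
    # ZRTP keys are agreed in the media stream itself, so SDP cannot prove
    # it; a=zrtp-hash (RFC 6189) only advertises support.
    if profile == "RTP/SAVP" and re.search(r"^a=crypto:", sdp, re.M):
        media = "SRTP"
    else:
        media = "RTP"
    return transport, media

def check_call(message, want_transport, want_media, strict=True):
    """Compare what was negotiated with what the user configured."""
    transport, media = negotiated(message)
    problems = []
    if transport != want_transport:
        problems.append(f"transport {transport} instead of {want_transport}")
    if media not in want_media:
        problems.append(f"media {media} not in {sorted(want_media)}")
    if problems and strict:
        return False, problems   # strict: drop the call, no fallback
    return True, problems        # non-strict: call proceeds, downgrade only reported
```

With `strict=False` the same downgrade is reported but the call is allowed, which is the fallback behaviour the posters ask to be able to switch off.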
 
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #37 - 01. Feb 2011 at 00:49
Can you please tell me how you got SIP Communicator to do SRTP or ZRTP? I am not able to get it to do even SRTP. It is doing plain RTP. In the security settings, I have selected everything under SRTP authentication length, and also enabled SAS (I am guessing this is for ZRTP).

I want to test SIP Communicator with PhonerLite with SRTP and ZRTP like you did.
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #38 - 01. Feb 2011 at 00:52
I also enabled "indicate support for ZRTP" and "enable support to encrypt calls" in SIP Communicator.
  
Phoner Admin
Re: Encryption: TLS, SRTP & ZRTP
Reply #39 - 01. Feb 2011 at 09:58
For SIP Communicator I enabled all hash and encryption algorithms under the security/call tab. "Trusted MitM" and "SAS signature processing" are disabled here.

I just uploaded a new beta version of PhonerLite. There is a new option to do no fallback to other connection types.
  
brahman
Re: Encryption: TLS, SRTP & ZRTP
Reply #40 - 01. Feb 2011 at 13:08
Thank you very much - this is so wonderful! You really did a lot of work to make PhonerLite secure.

Could this new feature also find its way into Phoner?
  
Phoner Admin
Re: Encryption: TLS, SRTP & ZRTP
Reply #41 - 01. Feb 2011 at 13:45
Phoner uses the same "sipper.dll" as PhonerLite. That "sipper.dll" is configured by "sipper.ini". So in theory you can configure in PhonerLite and use that "sipper.ini" in Phoner.
PhonerLite is a specialized version of Phoner to use with SIP. So PhonerLite supports some more SIP features than Phoner. I will keep it this way in the future too.
  
brahman
Re: Encryption: TLS, SRTP & ZRTP
Reply #42 - 01. Feb 2011 at 16:34
Phoner Admin wrote on 01. Feb 2011 at 13:45:
> Phoner uses the same "sipper.dll" as PhonerLite. That "sipper.dll" is configured by "sipper.ini". So in theory you can configure in PhonerLite and use that "sipper.ini" in Phoner.

Thank you - that's a great tip.
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #43 - 02. Feb 2011 at 00:10
I tried SIP Communicator with what you mentioned above, but it is not even doing SRTP. I selected UDP as the transport. Can you please tell me if it is working at your end with UDP?
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #44 - 02. Feb 2011 at 00:35
I tested the beta, thanks for the "connection type is fixed" option. This is very useful to ensure there is no fallback.

Is the certificate used by Phoner for TLS, if you don't specify one, the same for all Phoners? Does it generate a new one automatically? If one is not specified, it should generate a new unique one and use it. If not, it can be a security risk?
  