MD5 Authentication – Working Example
Ok – here is MD5 authentication: The PhD Course:
SIP REGISTER is authenticated via MD5 authentication. Everything you need to compute the response is sent in the ‘Authorization’ line, with two exceptions: the SIP method, which is at the top of the packet (REGISTER in this case; it could also be INVITE, for example), and the user’s password. That’s the key – that password.
Here’s a sample REGISTER Authorization string:
Authorization: Digest username="agrabah_aladdin", realm="jnctn.net", nonce="5d02c49e00007aeb4d90b8fe974cf38a6d6a5b7515c24c19", uri="sip:agrabah.onsip.com", algorithm=MD5, qop=auth, cnonce="59f4a2601ec0874", nc=00000001, response="bb9ee2c392839058a01abcfa8192db47"
You create an A1 string for the user. This string remains the same for the lifetime of the user’s password. For this example we will assume Aladdin’s password is ‘opensesame’.
a1 = authorization username : realm : password
a1:
agrabah_aladdin:jnctn.net:opensesame
Place this string into an MD5 hash generator and you get the A1Hash string below.
a1hash: 0f59890edddd08bdb3733814e7d65ac0
a2 = SIP Method : URI
a2:
REGISTER:sip:agrabah.onsip.com
Same as above – hash this string.
a2hash: c4567ed706fef749886c1b5059d90b42
A3 = a1h : nonce : {nc} : {cnonce} : {qop} : a2h
a3:
0f59890edddd08bdb3733814e7d65ac0:5d02c49e00007aeb4d90b8fe974cf38a6d6a5b7515c24c19:00000001:59f4a2601ec0874:auth:c4567ed706fef749886c1b5059d90b42
MD5 Response: bb9ee2c392839058a01abcfa8192db47
Customer response: bb9ee2c392839058a01abcfa8192db47
The hash of the a3 string is what is returned. As you can see, the computed MD5 response is exactly what the customer sent in the response field, so the registration is authorized.
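
The same calculation written as a server-side check in Python. This is an added example, not code from the original post: it parses the Authorization line above, rebuilds a1, a2 and a3 from the password, and compares the result to the response field. The function names are my own, and it assumes only algorithm=MD5 with qop=auth, the case shown here.

```python
import hashlib
import hmac
import re

# The sample Authorization line from this post.
SAMPLE = (
    'Authorization: Digest username="agrabah_aladdin", realm="jnctn.net", '
    'nonce="5d02c49e00007aeb4d90b8fe974cf38a6d6a5b7515c24c19", '
    'uri="sip:agrabah.onsip.com", algorithm=MD5, qop=auth, '
    'cnonce="59f4a2601ec0874", nc=00000001, '
    'response="bb9ee2c392839058a01abcfa8192db47"'
)
REQUIRED = ("username", "realm", "nonce", "uri", "nc", "cnonce", "response")

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header):
    """Split a Digest Authorization line into a dict of its parameters."""
    _, _, params = header.partition("Digest ")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key: quoted or bare for key, quoted, bare in pairs}

def a3_string(fields, method, a1hash):
    """a1hash : nonce : nc : cnonce : qop : a2hash, as laid out in the post."""
    a2hash = md5_hex(f"{method}:{fields['uri']}")
    return ":".join([a1hash, fields["nonce"], fields["nc"],
                     fields["cnonce"], fields["qop"], a2hash])

def expected_response(fields, method, password):
    a1hash = md5_hex(f"{fields['username']}:{fields['realm']}:{password}")
    return md5_hex(a3_string(fields, method, a1hash))

def verify(header, method, password):
    """True only if the response field matches what the password produces."""
    fields = parse_digest(header)
    if any(name not in fields for name in REQUIRED):
        return False
    if fields.get("algorithm", "MD5") != "MD5" or fields.get("qop") != "auth":
        return False  # other algorithms and qop values are outside this sketch
    expected = expected_response(fields, method, password).encode()
    # Constant-time comparison avoids leaking how many leading digits matched.
    return hmac.compare_digest(expected, fields["response"].lower().encode())

if __name__ == "__main__":
    print(verify(SAMPLE, "REGISTER", "opensesame"))
```

Because a1hash depends only on the username, realm and password, a server can store it in place of the password and pass it straight to a3_string; anyone who obtains a stored a1hash can answer challenges for that realm, so it needs the same protection as the password.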