I was wondering about increasing the security of DISA for remote extensions. Based on the assumption that hackers are monitoring SIP exchanges and recording all DTMF transaction to log credit card number or access code and that a VPN remote extension connection is not always practical (like on my Nokia SIP client), is there an easy way to have a changing/rolling code for the Authenticate function. I was thinking about the following: - having a 15 digit/letter pass phrase and let Asterix asking only a few digits randomly(i.e. 'Please enter the 5th,7th,10th and 12th digit' ) - having a base PIN plus a variable part (hour, minutes, date, etc...) - a list of multiple PIN associated with their own voice request ('please enter password #5' or 'What is the name of your first pet' )... Patrick
