Home page logo
/

basics logo Security Basics mailing list archives

Re: Encrypted Remote display?
From: Leonardo Piacentini <l.piacentini () email it>
Date: Fri, 2 Apr 2004 12:18:27 +0200

In data "Wed 31 of March 2004" Bénoni MARTIN ha scritto:

I am looking for a tool which will be a kind of "secured VNC".
[cut]
Maybe I didn't understand your problem, but VNC and his enhanced
TightVNC both support SSH tunneling via OpenSSH.

From: http://www.tightvnc.com/faq.html#howsecure

How secure is TightVNC?
Although TightVNC encrypts VNC passwords sent over the net, the rest of
the traffic is sent as is, unencrypted (for password encryption, VNC
uses a DES-encrypted challenge-response scheme, where the password is
limited by 8 characters, and the effective DES key length is 56 bits).
So using TightVNC over the Internet can be a security risk. To solve
this problem, we plan to work on built-in encryption in future versions
of TightVNC.
In the mean time, if you need real security, we recommend installing
OpenSSH, and using SSH tunneling for all TightVNC connections from
untrusted networks. 

-- 
Leonardo Piacentini
GNU/Linux Gentoo user since 1.4-RC4
PGP Key: look at the headers

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]