mailing list archives
Re: Encrypted Remote display?
From: Byron Copeland <nodialtone () comcast net>
Date: 03 Apr 2004 00:28:11 -0500
On Fri, 2004-04-02 at 14:03, ~Kevin Davis³ wrote:
UltraVNC features data stream plugins. There is a DSM plugin available that
provides RC4 (up to 128 bit) encryption.
Yeahhhhh, since RC4 has been cracked already I'd use that to if I
wanted. Lets just use ROT13 and we will all be safer.
----- Original Message -----
From: "Leonardo Piacentini" <l.piacentini () email it>
To: <security-basics () securityfocus com>
Sent: Friday, April 02, 2004 5:18 AM
Subject: Re: Encrypted Remote display?
In data "Wed 31 of March 2004" Bénoni MARTIN ha scritto:
I am looking for a tool which will be a kind of "secured VNC".
Maybe I didn't understand your problem, but VNC and his enhanced
TightVNC both support SSH tunneling via OpenSSH.
How secure is TightVNC?
Although TightVNC encrypts VNC passwords sent over the net, the rest of
the traffic is sent as is, unencrypted (for password encryption, VNC
uses a DES-encrypted challenge-response scheme, where the password is
limited by 8 characters, and the effective DES key length is 56 bits).
So using TightVNC over the Internet can be a security risk. To solve
this problem, we plan to work on built-in encryption in future versions
In the mean time, if you need real security, we recommend installing
OpenSSH, and using SSH tunneling for all TightVNC connections from
"Save yourself from the 'Gates' of hell, use Linux." -- The_Kind @
Description: This is a digitally signed message part