Home page logo
/

basics logo Security Basics mailing list archives

Re: Encrypted Remote display?
From: Byron Copeland <nodialtone () comcast net>
Date: 03 Apr 2004 00:28:11 -0500

On Fri, 2004-04-02 at 14:03, ~Kevin Davis³ wrote:
UltraVNC features data stream plugins.  There is a DSM plugin available that
provides RC4 (up to 128 bit) encryption.


Yeahhhhh, since RC4 has been cracked already I'd use that to if I
wanted.  Lets just use ROT13 and we will all be safer.

----- Original Message ----- 
From: "Leonardo Piacentini" <l.piacentini () email it>
To: <security-basics () securityfocus com>
Sent: Friday, April 02, 2004 5:18 AM
Subject: Re: Encrypted Remote display?


In data "Wed 31 of March 2004" Bénoni MARTIN ha scritto:

I am looking for a tool which will be a kind of "secured VNC".
[cut]
Maybe I didn't understand your problem, but VNC and his enhanced
TightVNC both support SSH tunneling via OpenSSH.

From: http://www.tightvnc.com/faq.html#howsecure

How secure is TightVNC?
Although TightVNC encrypts VNC passwords sent over the net, the rest of
the traffic is sent as is, unencrypted (for password encryption, VNC
uses a DES-encrypted challenge-response scheme, where the password is
limited by 8 characters, and the effective DES key length is 56 bits).
So using TightVNC over the Internet can be a security risk. To solve
this problem, we plan to work on built-in encryption in future versions
of TightVNC.
In the mean time, if you need real security, we recommend installing
OpenSSH, and using SSH tunneling for all TightVNC connections from
untrusted networks.
-- 
"Save yourself from the 'Gates' of hell, use Linux." -- The_Kind @
LinuxNet

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]