Home page logo

basics logo Security Basics mailing list archives

Re: Encrypted Remote display?
From: Byron Copeland <nodialtone () comcast net>
Date: 03 Apr 2004 00:28:11 -0500

On Fri, 2004-04-02 at 14:03, ~Kevin Davis³ wrote:
UltraVNC features data stream plugins.  There is a DSM plugin available that
provides RC4 (up to 128 bit) encryption.

Yeahhhhh, since RC4 has been cracked already I'd use that to if I
wanted.  Lets just use ROT13 and we will all be safer.

----- Original Message ----- 
From: "Leonardo Piacentini" <l.piacentini () email it>
To: <security-basics () securityfocus com>
Sent: Friday, April 02, 2004 5:18 AM
Subject: Re: Encrypted Remote display?

In data "Wed 31 of March 2004" Bénoni MARTIN ha scritto:

I am looking for a tool which will be a kind of "secured VNC".
Maybe I didn't understand your problem, but VNC and his enhanced
TightVNC both support SSH tunneling via OpenSSH.

From: http://www.tightvnc.com/faq.html#howsecure

How secure is TightVNC?
Although TightVNC encrypts VNC passwords sent over the net, the rest of
the traffic is sent as is, unencrypted (for password encryption, VNC
uses a DES-encrypted challenge-response scheme, where the password is
limited by 8 characters, and the effective DES key length is 56 bits).
So using TightVNC over the Internet can be a security risk. To solve
this problem, we plan to work on built-in encryption in future versions
of TightVNC.
In the mean time, if you need real security, we recommend installing
OpenSSH, and using SSH tunneling for all TightVNC connections from
untrusted networks.
"Save yourself from the 'Gates' of hell, use Linux." -- The_Kind @

Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]