Security Basics mailing list archives

Re: Encrypted Remote display?


From: ~Kevin Davis³ <kevin.davis () mindless com>
Date: Fri, 2 Apr 2004 14:03:34 -0500

UltraVNC features data stream plugins.  There is a DSM plugin available that
provides RC4 (up to 128 bit) encryption.

----- Original Message ----- 
From: "Leonardo Piacentini" <l.piacentini () email it>
To: <security-basics () securityfocus com>
Sent: Friday, April 02, 2004 5:18 AM
Subject: Re: Encrypted Remote display?


On "Wed 31 of March 2004" Bénoni MARTIN wrote:

I am looking for a tool which will be a kind of "secured VNC".
[cut]
Maybe I didn't understand your problem, but VNC and its enhanced
TightVNC both support SSH tunneling via OpenSSH.

From: http://www.tightvnc.com/faq.html#howsecure

How secure is TightVNC?
Although TightVNC encrypts VNC passwords sent over the net, the rest of
the traffic is sent as is, unencrypted (for password encryption, VNC
uses a DES-encrypted challenge-response scheme, where the password is
limited by 8 characters, and the effective DES key length is 56 bits).
So using TightVNC over the Internet can be a security risk. To solve
this problem, we plan to work on built-in encryption in future versions
of TightVNC.
In the mean time, if you need real security, we recommend installing
OpenSSH, and using SSH tunneling for all TightVNC connections from
untrusted networks.

-- 
Leonardo Piacentini
GNU/Linux Gentoo user since 1.4-RC4
PGP Key: look at the headers
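
The password limits described in the quoted FAQ, as an added example that is not part of the thread or of TightVNC's code. It shows only the key preparation step and performs no DES; the function names are hypothetical, and the per-byte bit mirroring is the behaviour of the classic VNC DES code, assumed here rather than stated in the post.

```python
"""Key preparation for classic VNC authentication (added illustration)."""


def vnc_des_key(password: str) -> bytes:
    """Return the 8-byte DES key derived from a VNC password."""
    # Only the first 8 bytes are used; shorter passwords are zero-padded.
    raw = password.encode("latin-1")[:8].ljust(8, b"\x00")
    # Assumption: classic VNC code mirrors the bit order of each key byte.
    return bytes(int(f"{b:08b}"[::-1], 2) for b in raw)


def effective_key_bits(key: bytes) -> int:
    """Drop the low (parity) bit of each byte: the 56 bits DES really uses."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def same_vnc_secret(a: str, b: str) -> bool:
    """True when the challenge-response cannot tell two passwords apart."""
    return effective_key_bits(vnc_des_key(a)) == effective_key_bits(vnc_des_key(b))


def audit(passwords):
    """Return the passwords whose tail beyond 8 bytes is silently ignored."""
    return [p for p in passwords if len(p.encode("latin-1")) > 8]


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    samples = ["Tr0ub4dor&3-long-passphrase", "Tr0ub4do", "short"]
    for p in audit(samples):
        print(f"{p!r}: only {p[:8]!r} is used")
    # Characters past the eighth do not change the key.
    print(same_vnc_secret("Tr0ub4dor&3-long-passphrase", "Tr0ub4do"))
    # After mirroring, each character's top bit lands on a DES parity bit.
    print(same_vnc_secret("a", "\xe1"))
```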
