> -----Original Message-----
> From: Carl E. Mankinen [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 10, 2001 4:55 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: VNC stream
>
>
> VNC source code is readily available, along with some pretty
> optimized code for Rijndael AES.
> A little cut and paste, voila! you now have a fully encrypted
> VNC stream
And key exchange is done how? What about re-keying and key generation? Are
you using the same keys in both directions? What about authentication
(symmetric cipher based protocols are inherently vulnerable to active MitM)?
Cryptographic protocols are hard - one can't just "cut and paste, voila!".
This is why the authors recommend tunneling it over SSH, which is a protocol
which is peer-reviewed, under active development and made to be cipher
independent (so you can plug in AES, for example).
> and a package installation
> that no hacker is going to download somewhere.
<sniff sniff>
Wait! Smells like...Security by Obscurity!
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
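
Added example, not part of the original message or of the VNC source: one way the "same keys in both directions" question above can go wrong. It assumes the pasted-in cipher runs in a counter/stream mode with both sides starting their counters at zero; an HMAC-SHA256 keystream stands in for AES-CTR, and all names, labels, keys and messages are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample traffic, one message per direction.
CLIENT_MSG = b"KeyEvent: p a s s w o r d 1 2 3"
SERVER_MSG = b"FramebufferUpdate rect 0,0 64x64"
SHARED_KEY = b"constructed-demo-key-0123456789ab"

def keystream(key: bytes, n: int) -> bytes:
    """Toy CTR-style keystream: HMAC-SHA256(key, counter), counter starts at 0."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, msg: bytes) -> bytes:
    """Stream encryption; the same call decrypts."""
    return xor(msg, keystream(key, len(msg)))

def direction_key(shared: bytes, label: bytes) -> bytes:
    """Derive an independent key per direction from the shared secret."""
    return hmac.new(shared, b"vnc-demo " + label, hashlib.sha256).digest()

def leaks_plaintext_xor(c2s_key: bytes, s2c_key: bytes,
                        client_msg: bytes, server_msg: bytes) -> bool:
    """True if XORing the two ciphertexts cancels the keystream, so a
    passive observer learns client_msg XOR server_msg without any key."""
    observed = xor(encrypt(c2s_key, client_msg), encrypt(s2c_key, server_msg))
    return observed == xor(client_msg, server_msg)

if __name__ == "__main__":
    # Weak design: one key, both directions, counters both start at 0.
    print("same key both ways leaks:",
          leaks_plaintext_xor(SHARED_KEY, SHARED_KEY, CLIENT_MSG, SERVER_MSG))
    # Corrected for this one issue: a separate derived key per direction.
    print("per-direction keys leak:",
          leaks_plaintext_xor(direction_key(SHARED_KEY, b"c2s"),
                              direction_key(SHARED_KEY, b"s2c"),
                              CLIENT_MSG, SERVER_MSG))
```

Separating the keys answers only that one question; key exchange, re-keying and peer authentication are still open, which is the argument above for tunneling over SSH.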