On 03.05.2012, at 10:29, Daniel P. Berrange wrote:

> On Wed, May 02, 2012 at 03:32:56PM -0400, Paul Moore wrote:
>> FIPS 140-2 requires disabling certain ciphers, including DES, which is used
>> by VNC to obscure passwords when they are sent over the network.  The
>> solution for FIPS users is to disable the use of VNC password auth when the
>> host system is operating in FIPS mode.

So that means "no password" is more secure according to FIPS than "DES 
encrypted password"?


Reply via email to