On 03.05.2012, at 10:29, Daniel P. Berrange wrote: > On Wed, May 02, 2012 at 03:32:56PM -0400, Paul Moore wrote: >> FIPS 140-2 requires disabling certain ciphers, including DES, which is used >> by VNC to obscure passwords when they are sent over the network. The >> solution for FIPS users is to disable the use of VNC password auth when the >> host system is operating in FIPS mode.
So that means "no password" is more secure according to FIPS than "DES encrypted password"? Alex
