> You cannot just KISS, not with encryption, this is the point. You > cannot just apply AES to the stream. How do you plan to agree on the > keys used for encryption ? Use the VNC password ? I think not, you > have not enough entropy in a normal password). How do you plan to > exchange the keys in a safe way (remember this are the keys used to > encrypt the AES tunnel, so you don't have encryption in place). Now > let's assume you get one / some random 128 (or more) bits key(s) and > manage to exchange them somehow securely (let's say you go to each > host and remote with floppies). How do you plan to make the > authentication ? Just encrypt the streams and leave the remote<->host > trying to find each other like deaf bats ? What if an attacker records > and plays back the stream at a later time ? And this is the simple > part, to put all the pieces together. There are a lot of design > problems to be solved BEFORE you start writing ONE line of code. But > it is _very_ hard to write secure code, even if you have a very good > and complete algorithm. Many > trusted programs (like apache, openssh) had at least one big remote > buffer overflow last year. And we are talking about software using > well known algorithms, not some one week old inventions, with very > good track record for security. It is _extremely_ unlikely to invent > and > to implement something even remotely secure as openssh (which is not > bulletproof) in one year, as a plugin for vnc.
...which is why I would employ standard protocols for these things. i.e. RSA, SHA, AES. That's why they exist. > Sometimes it is better > to know that you have no security/encryption than to rely on bad > security/encryption. I suppose... but I'd say that it is usually better to be somewhat secure than not at all. The lock on the front door of my house does not 100% guarantee that it will keep bad people out, but I am certainly more secure by having it there than if I just left it wide open. > And you will _not_ have good security/encryption > as an afterthought for vnc (not that I don't trust the vnc > programmers). > SSH utilizes the standard protocols I've mentioned (among others). Why not use them as well? You don't need to pull the entire functionality of SSH into VNC in order to do this. I'm not a security expert, but doesn't the KISS concept apply to it as well? Is enormous complexity somehow more secure than a simpler system? Isn't a complex system far and away more likely to have flaws in it? _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
