On Wed, 25 Feb 2004, William Hooper wrote:

> Seak, Teng-Fong said:
> > Talking about security, there's one severe bug that needs to be
> > corrected. Months ago, someone reported that even though we could define
> > a long password, but the effective number of letters is only 8 (eight)!
>
> This isn't a bug, it is a documented limitation.
>
> http://www.uk.research.att.com/archive/vnc/faq.html#q55
> "While we're on the subject of security, you should also be aware that
> only the first 8 characters of VNC passwords are significant. This is
> because the 'getpass' call used in the Unix server to read a password has
> this restriction, and the other platforms have been made compatible with
> this."

Interesting. Is it not possible to compile this functionality into the program so that it doesn't have to use the system call? I think eight character passwords are OK but it would be nice to allow longer ones. If longer ones can't be used, it would be nice to reject passwords that exceed 8 characters.

Example (stupid!) password:

    maryanne^X5g#L9

This would give the user a false sense of security because this is her real password:

    maryanne

She would still enter maryanne^X5g#L9 every time she logged in, never knowing that the characters after 'e' are being ignored! If she knew they were being ignored, she could use this password instead...

    ^X5g#L9

...and be much safer.

Mike
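
Added example, not part of the original message and not VNC's own code: a C sketch of the set-time check the message asks for, next to a model of the 8-character truncation the FAQ describes. The helper names and the zero-padding model are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Number of significant password characters, per the FAQ quoted above. */
#define SIGNIFICANT_LEN 8

enum pw_status { PW_OK = 0, PW_EMPTY, PW_TOO_LONG };

/* Model of the truncation: keep the first 8 bytes, zero-pad the rest.
 * Hypothetical helper; it models the described behaviour, not VNC's source. */
static void effective_password(const char *pw, unsigned char out[SIGNIFICANT_LEN])
{
    size_t n = strlen(pw);
    if (n > SIGNIFICANT_LEN)
        n = SIGNIFICANT_LEN;
    memset(out, 0, SIGNIFICANT_LEN);
    memcpy(out, pw, n);
}

/* Returns 1 when a truncating server would treat both passwords as the same. */
int passwords_equivalent(const char *a, const char *b)
{
    unsigned char ea[SIGNIFICANT_LEN], eb[SIGNIFICANT_LEN];
    effective_password(a, ea);
    effective_password(b, eb);
    return memcmp(ea, eb, SIGNIFICANT_LEN) == 0;
}

/* Set-time check: refuse input that would otherwise be silently truncated. */
enum pw_status validate_new_password(const char *pw)
{
    size_t n = strlen(pw);
    if (n == 0)
        return PW_EMPTY;
    if (n > SIGNIFICANT_LEN)
        return PW_TOO_LONG;
    return PW_OK;
}

int main(void)
{
    const char *typed = "maryanne^X5g#L9"; /* example password from the message */
    printf("equivalent to \"maryanne\": %d\n", passwords_equivalent(typed, "maryanne"));
    printf("validate(\"%s\") = %d\n", typed, validate_new_password(typed));
    printf("validate(\"^X5g#L9\") = %d\n", validate_new_password("^X5g#L9"));
    return 0;
}
```

Rejecting at set time makes the limit visible to the user at the moment the password is chosen, so the ignored tail never counts toward its perceived strength.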
