On Friday 27 February 2004 02:32, Seak, Teng-Fong wrote: > So finally, with what all of you have written, you're saying/confirming > that VNC is still secure?
No, I was making no comment whatever about the overall security or otherwise of VNC. I was simply saying that with a *well chosen* password, brute force attacks are not a big factor in the equation, provided a time delay is in place - which is the case for VNC. As far as I can tell, no one has said that VNC is 'secure'. Only that, in many situations, if used wisely, it may be secure enough depending on your purpose. >From the FAQ (http://www.realvnc.com/faq.html#security) ... if the computer or network is connected to the internet, we strongly advise the use of additional security. See how to make VNC secure using SSH. The fact that if used without '3rd party encryption' VNC passes all keystokes 'in the clear' is of great concern to me. It means, for example, that when providing support to a remote user via VNC across the net (and not via a VPN) if at all possible I get *them* to type in any passwords for email connections etc. Personally, I would be much happier if VNC had SSL encryption (well, probably TLS actually) for the entire data stream as an option. But my position on all open-source software is that I can either accept what it does, change it myself and submit patches, or pay for it to be changed. As it stands, I am very happy with the performance of VNC 4 over a SSH encrypted/compressed link. I hope this clears up my position. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +11 hrs) http://www.openminddev.net _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
