Mike Miller said: > On Thu, 11 Mar 2004, Scott C. Best wrote: > >> Heya. Here's some info I've collected over the years regarding >> securing VNC connections: >> >> http://faq.gotomyvnc.com/fom-serve/cache/28.html > > > But that page says that VNC communicates in "plain text" and I've been > told repeatedly that it is using some sort of X protocol that is not plain > text. It's not encrypted, but it isn't plain text either. This is > important because any sniffer could easily read any plain text, but it > takes a little work to read the VNC communications.
Don't kid yourself, it is trivial. http://users.tpg.com.au/adsln4yb/chaosreader.html In fact, the author gives the impression getting the VNC data is easier than getting plain X11 data. > More importantly, the > password is encrypted -- some would say that it isn't encrypted very well, > but it is encrypted. Yes, the password verification is a "challenge-response password scheme". Everything after that is free for the taking. -- William Hooper _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
