On Thu, 11 Mar 2004, William Hooper wrote: > Mike Miller said: > > > But that page says that VNC communicates in "plain text" and I've been > > told repeatedly that it is using some sort of X protocol that is not > > plain text. It's not encrypted, but it isn't plain text either. > > This is important because any sniffer could easily read any plain > > text, but it takes a little work to read the VNC communications. > > Don't kid yourself, it is trivial. > http://users.tpg.com.au/adsln4yb/chaosreader.html > > In fact, the author gives the impression getting the VNC data is easier > than getting plain X11 data.
In other words, there is a continuum of difficulty and VNC is harder to get than is plain text (e.g., telnet). > > More importantly, the password is encrypted -- some would say that it > > isn't encrypted very well, but it is encrypted. > > Yes, the password verification is a "challenge-response password > scheme". Everything after that is free for the taking. How secure is that password exchange? Has anyone developed a way to crack it? Mike _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
