Stephen:
Encryption will not help prevent "session hijacking". It's used
just to insure the privacy of your communication. Anything you do over
an un-encrypted VNC connection can be captured, saved and replayed in
the future. That kinda gives me the creeps. :)
Typical SSL encryption will present a unnoticeable amount of
CPU strain. Only if you're running a website with potentially thousands
of simultaneous SSL sessions do you need to worry about offloading the
CPU with a specialized "SSL accelerator" piece of hardware.
cheers,
Scott
The non-free editions of VNC offer session encryption.
If the data in my VNC session isn't all that confidential, do I really need
session encryption?
For example, suppose someone intercepts/hijacks/whatever my VNC session.
Clearly, any password I type during the session would thus be available to
the attacker in cleartext. But suppose I don't do that, and there's nothing
in the datastream in the VNC session that's proprietary, confidential, etc.
Could the attacker use the hijacked VNC session to gain access to the host
I've connected to? (Viz, the host that the VNC server is running on.)
Finally, how expensive is encryption (and decryption) in terms of CPU?
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
