Stephen, Session security involves more than just encrypting the data. The session security provided by VNC Enterprise & Personal Editions encrypts the data to prevent anyone able to "snoop" the network from being able to read the session stream, as well as tamper-proofing to prevent harmful session-rewrite attacks, protection from brute force attacks, server identity verification, etc.
The most basic reason for using encryption is because otherwise strings of key-presses can be snooped and used to obtain any passwords that were typed in to the server from the viewer. On modern processors, encryption is pretty much unnoticable in most cases, but it does depend on the amount of data being encrypted, and on the speed of the host system. Cheers, Wez @ RealVNC Ltd. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Fromm > Sent: 28 January 2006 14:22 > To: [email protected] > Subject: Session encryption > > The non-free editions of VNC offer session encryption. > > If the data in my VNC session isn't all that confidential, do > I really need > session encryption? > > For example, suppose someone intercepts/hijacks/whatever my > VNC session. > Clearly, any password I type during the session would thus be > available to > the attacker in cleartext. But suppose I don't do that, and > there's nothing > in the datastream in the VNC session that's proprietary, > confidential, etc. > Could the attacker use the hijacked VNC session to gain > access to the host > I've connected to? (Viz, the host that the VNC server is running on.) > > Finally, how expensive is encryption (and decryption) in terms of CPU? > > Best, > > SJF > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
