I was unable to find any reference to 56-bit DES in the docs. "vncpasswd" says an "obfuscated version of the password" is stored in the file when setting the password. "When accessing a VNC desktop a challenge-response mechanism is used over the wire...". This could mean it is a simple hash (no encryption) or simple encryption.
Regardless, even if it is 56-bit DES, it is not a safe way to leave ports open to the Internet, especially if you have a wide-band cable connection. My firewall gets hit hundreds of times each day. They only have to get it right once. ;) This is even more critical if you are exporting the console display (:0).

--Cal Webster

On Mon, 2006-09-11 at 10:46, Alex Nicolaou wrote:
> method allows anyone to sniff your passwords and traffic since it is
> unencrypted.
>
> This is not totally correct. The VNC authentication is (last time I
> checked) 56-bit DES challenge/response.
>
> It has been pretty trivially brute-forceable for more than 5 years,
> but the password itself is not sniffable.
>
> alex
