VNC Authentication

Greg Hewgill gregh "at" lightspeed.net
Tue, 14 Jul 1998 23:56:32 +0000


>I have just started experimenting with VNC.  My question is regarding
>password authentication from a client to a host.  Is this a clear text
>password, or is there some encryption method?

The default VNC authentication mechanism uses a challenge-response method.
This is based on a one-way hash algorithm and (for all practical purposes)
is not possible to reverse engineer by sniffing packets.

Of course, if someone can sniff your authentication packets, they can also
sniff the VNC data stream and theoretically see what you're seeing. If you
run VNC through ssh or another encryption wrapper you can safeguard yourself
from this kind of attack.

Greg Hewgill


---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------
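
Added example, not part of the original message and not VNC's own code: a minimal challenge-response exchange of the kind the reply describes, showing that the password never crosses the wire and that a sniffed response is useless against a fresh challenge. HMAC-SHA-256 is used here as a stand-in keyed one-way function; the function names, the 16-byte challenge size and the sample password are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # assumed challenge size for this sketch


def new_challenge() -> bytes:
    """Server side: a fresh, unpredictable challenge for every connection."""
    return secrets.token_bytes(CHALLENGE_LEN)


def compute_response(password: str, challenge: bytes) -> bytes:
    """Client side: keyed one-way function of the challenge (stand-in: HMAC-SHA-256)."""
    return hmac.new(password.encode("utf-8"), challenge, hashlib.sha256).digest()


def verify(password: str, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected response and compare in constant time."""
    expected = compute_response(password, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = "constructed-sample-password"  # constructed sample value

    # Connection 1: legitimate login. Only c1 and r1 are visible on the network.
    c1 = new_challenge()
    r1 = compute_response(password, c1)
    sniffed_response = r1

    # Connection 2: the server issues a new challenge, so the old response no longer fits.
    c2 = new_challenge()
    return {
        "legit_ok": verify(password, c1, r1),
        "replay_ok": verify(password, c2, sniffed_response),
        "wrong_password_ok": verify(password, c2, compute_response("guess", c2)),
        "password_on_wire": password.encode("utf-8") in c1 + r1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The sketch covers authentication only; everything sent after the login is outside its scope, which is the gap the ssh wrapper in the reply addresses.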