vnc security glitch: long passwords

Jonathan Morton chromatix "at" penguinpowered.com
Mon, 07 Aug 2000 10:41:49 +0000


> VNC doesn't complain if you try to assign a password
> longer than it actually uses.  The security problem is
> that if you habitually use such long passwords, you may
> think you're giving each host a different password, but
> you're not.  The hazard is obvious.

The VNC Server which I am writing (practically from scratch) uses an
8-character-limited entry box for the password, which bleeps if you try to
enter more than that.  If the protocol is developed in the future to allow
longer passwords, this restriction can be removed.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi "at" cyberspace.org  (not for attachments)
uni-mail: j.d.morton "at" lancaster.ac.uk

The key to knowledge is not to rely on people to teach you it.

Get VNC Server for Macintosh from http://chromatix.autistics.org/vnc/

-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GCS$/E/S dpu(!) s:- a19 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS
PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r- y+
-----END GEEK CODE BLOCK-----
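An added example, not part of the original message or of any VNC code base: a small audit that shows which hosts end up sharing one effective password once classic VNC authentication keeps only the first 8 bytes (shorter passwords are NUL-padded to 8). The host names and passwords are constructed sample data, the function names are hypothetical, and UTF-8 encoding of the password is an assumption.

```python
from collections import defaultdict

VNC_KEY_LEN = 8  # classic VNC authentication uses only the first 8 bytes


def effective_key(password: str) -> bytes:
    """Bytes that actually reach the authentication step: truncate, then NUL-pad."""
    raw = password.encode("utf-8")  # assumption: password is handled as UTF-8 bytes
    return raw[:VNC_KEY_LEN].ljust(VNC_KEY_LEN, b"\x00")


def ignored_bytes(password: str) -> int:
    """Number of trailing bytes the user typed that are silently discarded."""
    return max(0, len(password.encode("utf-8")) - VNC_KEY_LEN)


def audit(host_passwords: dict) -> list:
    """Return groups of hosts whose *different* passwords collapse to one key."""
    by_key = defaultdict(dict)
    for host, pw in host_passwords.items():
        by_key[effective_key(pw)][host] = pw
    findings = []
    for hosts in by_key.values():
        # Deliberate reuse of one identical password is not what we flag here;
        # we flag passwords the user believes are distinct but are not.
        if len(set(hosts.values())) > 1:
            findings.append(sorted(hosts))
    return sorted(findings)


# Constructed sample: a common stem with a per-host suffix past byte 8.
SAMPLE = {
    "alpha": "Tr0ub4dor-alpha",
    "beta": "Tr0ub4dor-beta",
    "gamma": "x9!kQ2",
    "delta": "x9!kQ2",
}

if __name__ == "__main__":
    for host, pw in SAMPLE.items():
        print(f"{host}: key={effective_key(pw)!r} ignored={ignored_bytes(pw)} bytes")
    for group in audit(SAMPLE):
        print("same effective password despite different input:", ", ".join(group))
```
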