Brute force VNC crack

Kenneth Foster fosterk "at" aenigma.net
Tue, 15 Aug 2000 22:27:06 +0000


Brute forcing of passwords will always work.  There are two ways to stop
this.

1:	Use passwords that don't show up in dictionaries.  This may be more
difficult to remember, but it makes it less likely to be cracked.  The code,
as written, uses a dictionary attack.  Not quite what it says in the title
of the crack.

2:	The other way to stop this is to change the encryption key used by your
company and recompile your server and client tools.  By changing the key no
password, even the correct one, from a non-company VNCviewer will work. At
least from my testing.


Ken Foster

-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Ernie Oporto
Sent: Tuesday, August 15, 2000 4:59 PM
To: vnc-list "at" uk.research.att.com
Subject: Brute force VNC crack


Has anyone seen this before?  Is this still true?

http://www.securiteam.com/tools/Brute_forcing_VNC_passwords.html
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------