VNCrack (just so you know it exists)
James ''Wez'' Weatherall
jnw22 "at" cam.ac.uk
Fri, 16 Jun 2000 10:57:05 +0000
> Actually, this is a SERIOUS threat. It doesn't matter how good your
> password is, even on my 486sx/25 it cracks it in a split-second if you
have
> the ~/.vnc/passwd file handy
That's because the passwd file is encrypted with a well-known key, so they
just decrypt it trivially! (It's only encrypted to prevent people reading
the text over your shoulder or similar if you accidentally open it)
Fundamentally if you let people have access to your password files then
you're in deep doo-doo.
Cheers,
James "Wez" Weatherall
--
"Xenophobes should go back to Xenophobia"
Laboratory for Communications Engineering, Cambridge - Tel : 766513
AT&T Labs Cambridge, UK - Tel : 343000
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------