VNCrack (just so you know it exists)

Adrian Phillips a.phillips "at" dnmi.no
Mon, 19 Jun 2000 09:06:53 +0000 

>>>>> "Martin" == Martin C Mueller <mcm "at" itwm.uni-kl.de> writes:

    >> Date: Sun, 18 Jun 2000 18:56:15 -0600 From: Vladimir Shapovalov
    >> <vladimir "at" mercury.hec.utah.edu> Subject: Re: VNCrack (just so
    >> you know it exists)
    >> 
    >> > Date: Sat, 17 Jun 2000 22:12:32 -0500 > From: Da LiNuXnUt
    >> <slaterc "at" post.uwstout.edu> > If there was SSH integrated into
    >> VNC, it could limit VNC within the > unix platform...
    >> 
    >> Why would it if encryption was implemented in both servers and
    >> viewers?

    Martin> There are not-so-many good ssh ports outside of Unix, esp.
    Martin> Windows and Mac, so it doesn't seem trivial, licensing

This seem to be as many as Unix, certainly now that OpenSSH has been
ported to Cygwin.

    Martin> issues aside. It's a hard task to set up a really secure
    Martin> network application on your own and even more to prove
    Martin> it. Open Source is good but it requires a convincing audit
    Martin> to buy my trust. A mediocre crypto implementation is worse
    Martin> than none, since it generates the illusion of
    Martin> security. Further on there's no one-size-fits-all with
    Martin> security. And last not least it's bad design to take
    Martin> wire-level security to application level.

I agree in principle but I don't see why having different options
available as part of VNC is a bad thing.

    Martin> So after all I'd prefer to see development in VNC
    Martin> functions to increased security. That's someone else's
    Martin> job.

I agree that it may be up to others to come with patches but it would
certainly be nice to see these various patches merged, assuming the
VNC community thinks the patches should be integrated.

Sincerely,

Adrian Phillips
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------