VNC Passwords

[William Hooper]

Scott C. Best said:
> Heyaz. I had a question about VNC passwords. I just got this
> snippet from an email newsletter from "marketing "at" TridiaVNC" wherein it 
> states:
> 
> 
> | VNC PASSWORDS ARE SENT IN CLEAR TEXT
> |
> | When you type your VNC password to view a remote PC, it is sent in
> | clear, unencrypted text. 

Looks like they need to get their marketing on the same page.  Their web site (http://www.tridiavnc.com/) list both "raw" vnc and their product as having "password protection".

> * Would it be at all worthwhile to (similar to SSH) use a Diffie-Hellman
> transaction so that the initial random challenge was at least encrypted and
> not transmitted in plaintext?

No, it makes it worthwhile to tunnel VNC over an encrypted tunnel when on an untrusted network.

-- 
William Hooper