whooper "at" freeshell.org
Fri Jun 18 23:29:00 2004
Scott C. Best said:
> Heyaz. I had a question about VNC passwords. I just got this
> snippet from an email newsletter from "marketing "at" TridiaVNC" wherein it
> | VNC PASSWORDS ARE SENT IN CLEAR TEXT
> | When you type your VNC password to view a remote PC, it is sent in
> | clear, unencrypted text.
Looks like they need to get their marketing on the same page. Their web site (http://www.tridiavnc.com/) list both "raw" vnc and their product as having "password protection".
> * Would it be at all worthwhile to (similar to SSH) use a Diffie-Hellman
> transaction so that the initial random challenge was at least encrypted and
> not transmitted in plaintext?
No, it makes it worthwhile to tunnel VNC over an encrypted tunnel when on an untrusted network.