whooper "at" freeshell.org
Fri Mar 12 00:03:01 2004
Mike Miller said:
> On Thu, 11 Mar 2004, Scott C. Best wrote:
>> Heya. Here's some info I've collected over the years regarding
>> securing VNC connections:
> But that page says that VNC communicates in "plain text" and I've been
> told repeatedly that it is using some sort of X protocol that is not plain
> text. It's not encrypted, but it isn't plain text either. This is
> important because any sniffer could easily read any plain text, but it
> takes a little work to read the VNC communications.
Don't kid yourself, it is trivial.
In fact, the author gives the impression getting the VNC data is easier
than getting plain X11 data.
> More importantly, the
> password is encrypted -- some would say that it isn't encrypted very well,
> but it is encrypted.
Yes, the password verification is a "challenge-response password scheme".
Everything after that is free for the taking.