mbmiller "at" taxa.epi.umn.edu
Fri Mar 12 01:08:00 2004
On Thu, 11 Mar 2004, William Hooper wrote:
> Mike Miller said:
> > But that page says that VNC communicates in "plain text" and I've been
> > told repeatedly that it is using some sort of X protocol that is not
> > plain text. It's not encrypted, but it isn't plain text either.
> > This is important because any sniffer could easily read any plain
> > text, but it takes a little work to read the VNC communications.
> Don't kid yourself, it is trivial.
> In fact, the author gives the impression getting the VNC data is easier
> than getting plain X11 data.
In other words, there is a continuum of difficulty and VNC is harder to
get than is plain text (e.g., telnet).
> > More importantly, the password is encrypted -- some would say that it
> > isn't encrypted very well, but it is encrypted.
> Yes, the password verification is a "challenge-response password
> scheme". Everything after that is free for the taking.
How secure is that password exchange? Has anyone developed a way to crack