Secure VNC

Mike Miller mbmiller "at"
Fri Mar 12 01:08:00 2004

On Thu, 11 Mar 2004, William Hooper wrote:

> Mike Miller said:
> > But that page says that VNC communicates in "plain text" and I've been
> > told repeatedly that it is using some sort of X protocol that is not
> > plain text.  It's not encrypted, but it isn't plain text either.
> > This is important because any sniffer could easily read any plain
> > text, but it takes a little work to read the VNC communications.
> Don't kid yourself, it is trivial.
> In fact, the author gives the impression getting the VNC data is easier
> than getting plain X11 data.

In other words, there is a continuum of difficulty and VNC is harder to
get than is plain text (e.g., telnet).

> > More importantly, the password is encrypted -- some would say that it
> > isn't encrypted very well, but it is encrypted.
> Yes, the password verification is a "challenge-response password
> scheme".  Everything after that is free for the taking.

How secure is that password exchange?  Has anyone developed a way to crack