Secure VNC

William Hooper whooper "at" freeshell.org
Fri Mar 12 01:24:00 2004


Mike Miller said:
> On Thu, 11 Mar 2004, William Hooper wrote:
>
>> Mike Miller said:
>>
>> > But that page says that VNC communicates in "plain text" and I've been
>> > told repeatedly that it is using some sort of X protocol that is not
>> > plain text.  It's not encrypted, but it isn't plain text either.
>> > This is important because any sniffer could easily read any plain
>> > text, but it takes a little work to read the VNC communications.
>>
>> Don't kid yourself, it is trivial.
>> http://users.tpg.com.au/adsln4yb/chaosreader.html
>>
>> In fact, the author gives the impression getting the VNC data is easier
>> than getting plain X11 data.
>
> In other words, there is a continuum of difficulty and VNC is harder to
> get than is plain text (e.g., telnet).

If you have the traffic you have both telnet and VNC with the same level
of effort.  No, VNC is not harder than plain text.  The argument used to
be "well, it's key-codes not key strokes" but with chaosreader you get the
plain text output.

>> > More importantly, the password is encrypted -- some would say that it
>> > isn't encrypted very well, but it is encrypted.
>>
>> Yes, the password verification is a "challenge-response password
>> scheme".  Everything after that is free for the taking.
>
> How secure is that password exchange?  Has anyone developed a way to crack
> it?

Relatively secure, but who needs it when you have everything else.  Ever
use the same password in more than one place?

Using a secure tunnel (especially with some kind of passphrase-protected
keys or certificates) you get both stronger password protection and
encrypted traffic.  If you care if random people can see your VNC traffic,
use a secure tunnel.

--
William Hooper
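
The "key-codes not key strokes" point above, as an added example that is not part of the original message: a short decoder showing why RFB key events in an untunnelled session are effectively plain text. It assumes the client-to-server message layouts of RFC 6143 and a stream that starts after the handshake; `SAMPLE` is constructed data, and the function names are illustrative.

```python
import struct

# Fixed sizes (bytes) of RFB client-to-server messages (RFC 6143, section 7.5).
FIXED = {0: 20,  # SetPixelFormat
         3: 10,  # FramebufferUpdateRequest
         4: 8,   # KeyEvent
         5: 6}   # PointerEvent
SPECIAL = {0xFF0D: "\n", 0xFF09: "\t", 0xFF08: "<BS>"}  # Return, Tab, BackSpace


def message_length(buf, off):
    """Length of the client message at off, or None if unknown or truncated."""
    mtype = buf[off]
    if mtype in FIXED:
        return FIXED[mtype]
    if mtype == 2 and off + 4 <= len(buf):   # SetEncodings: 4-byte header + 4*n
        (n,) = struct.unpack_from(">H", buf, off + 2)
        return 4 + 4 * n
    if mtype == 6 and off + 8 <= len(buf):   # ClientCutText: 8-byte header + text
        (n,) = struct.unpack_from(">I", buf, off + 4)
        return 8 + n
    return None


def typed_text(buf):
    """Recover typed characters from an unencrypted client-to-server stream."""
    out, off = [], 0
    while off < len(buf):
        size = message_length(buf, off)
        if size is None or off + size > len(buf):
            break                            # unknown type or truncated capture
        if buf[off] == 4:                    # KeyEvent: down-flag, 2 pad, keysym
            down, keysym = struct.unpack_from(">BxxI", buf, off + 1)
            if down:                         # count presses, ignore releases
                if 0x20 <= keysym <= 0xFF:   # Latin-1 keysym == character code
                    out.append(chr(keysym))
                else:
                    out.append(SPECIAL.get(keysym, ""))
        off += size
    return "".join(out)


def _key(keysym):                            # one press followed by one release
    return struct.pack(">BBxxI", 4, 1, keysym) + struct.pack(">BBxxI", 4, 0, keysym)

# Constructed sample: SetEncodings, "l", a pointer move, "s", an update request, Return.
SAMPLE = (struct.pack(">BxHii", 2, 2, 0, 1) + _key(ord("l"))
          + struct.pack(">BBHH", 5, 0, 10, 20) + _key(ord("s"))
          + struct.pack(">BBHHHH", 3, 1, 0, 0, 640, 480) + _key(0xFF0D))
```

Run over the same bytes carried inside a secure tunnel, the decoder has nothing to parse, which is the reason for the recommendation above.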