Changing the encryption key?
phaethar "at" mn.rr.com
Tue Nov 23 16:09:01 2004
I am currently running VNC on a number if different systems, both
Windows based and Linux based. As many of these systems contain
sensitive data, I'm looking to make them as secure as possible, while
still keeping VNC on them. Now, from what I've read, VNC uses the same
key to encrypt all passwords, and that this key is easily obtainable,
making it relatively easy to decrypt the password if someone happens to
somehow get onto the box or gain control of it remotely. Now, I know
that at that point it's probably too late. But, as this came up as a
vulnerability in a recent security audit, I'd really like to find out if
it's possible to change the private key that VNC uses to encrypt it's
passwords. If it is, I'll change the key and re-do all my passwords.
Trouble is... I haven't had any luck finding out how to do this. Can
anyone enlighten me on this? Ideally, I'd like to do it to all machines
and both platforms.