Question

[James Weatherall]

Harjit,

VNC Enterprise Edition's user authentication phase is secure because it
takes place only after a secure (encrypted, tamper-proof, etc) connection
has been established between viewer and server.  If session encryption is
not required then it is disabled immediately that the authentication phase
has completed.

The older VNC Password authentication scheme is secure simply because it
uses a challenge-response protocol to verify the user's password, rather
than having to pass it from viewer to server.

Regards,

Wez @ RealVNC Ltd.


> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com 
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Singh, 
> Harjit (Mission Systems)
> Sent: 29 March 2005 15:40
> To: vnc-list "at" realvnc.com
> Subject: Question
> 
> I am new to RealVNC and performing search on it particularly 
> with respect to security issues. I will appreciate if someone 
> could explain the process of communication sequentially 
> between RealVNC viewer and RealVNC server.  The expalnation 
> should start from beginning when VNC viewer want to 
> communicate to server and cover all the issues with respect 
> to authentication and encryption.  I figured from previous 
> emails that authentication is secure but would like to know 
> what makes it secure. 
>  
> I will appreciate if someone could provide their telephone 
> number to contact with if possible.
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list