jnw "at" realvnc.com
Mon Jan 30 15:01:01 2006
Session security involves more than just encrypting the data. The session
security provided by VNC Enterprise & Personal Editions encrypts the data to
prevent anyone able to "snoop" the network from being able to read the
session stream, as well as tamper-proofing to prevent harmful
session-rewrite attacks, protection from brute force attacks, server
identity verification, etc.
The most basic reason for using encryption is because otherwise strings of
key-presses can be snooped and used to obtain any passwords that were typed
in to the server from the viewer.
On modern processors, encryption is pretty much unnoticable in most cases,
but it does depend on the amount of data being encrypted, and on the speed
of the host system.
Wez @ RealVNC Ltd.
> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Stephen Fromm
> Sent: 28 January 2006 14:22
> To: vnc-list "at" realvnc.com
> Subject: Session encryption
> The non-free editions of VNC offer session encryption.
> If the data in my VNC session isn't all that confidential, do
> I really need
> session encryption?
> For example, suppose someone intercepts/hijacks/whatever my
> VNC session.
> Clearly, any password I type during the session would thus be
> available to
> the attacker in cleartext. But suppose I don't do that, and
> there's nothing
> in the datastream in the VNC session that's proprietary,
> confidential, etc.
> Could the attacker use the hijacked VNC session to gain
> access to the host
> I've connected to? (Viz, the host that the VNC server is running on.)
> Finally, how expensive is encryption (and decryption) in terms of CPU?
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit: