Option "rfbport" in xorg.conf?
Calvin Webster
cwebster "at" ec.rr.com
Mon Sep 11 16:28:01 2006
I was unable to find any reference to 56-bit DES in the docs.
"vncpasswd" says an "obfuscated version of the password" is stored in
the file when setting the password. "When accessing a VNC desktop a
challenge-response mechanism is used over the wire...". This could mean
it is a simple hash (no encryption) or simple encryption.
Regardless, even if it is 56-bit DES, it is not a safe way to leave ports
open to the Internet, especially if you have a wide-band cable
connection. My firewall gets hit hundreds of times each day. They only
have to get it right once. ;) This is even more critical if you are
exporting the console display (:0).
--Cal Webster
On Mon, 2006-09-11 at 10:46, Alex Nicolaou wrote:
> method allows anyone to sniff your passwords and traffic since it is
> unencrypted.
>
> This is not totally correct. The VNC authentication is (last time I
> checked) 56-bit DES challenge/response.
>
> It has been pretty trivially brute-forceable for more than 5 years,
> but the password itself is not sniffable.
>
> alex