Re: [Qemu-devel] QEMU: VNC

[Anthony Liguori]

Johannes Schindelin wrote:
> Hi,
>
> On Thu, 22 Feb 2007, Luke-Jr wrote:
>
>   
> > Is there a reason to not use the semi-standard -rfbauth <filename> 
> > argument?

I would be happy with a patch that allowed a password to be set from the 
monitor.  Storing a password in a file on disk is, IMHO, ugly.  If no 
one beats me to it, I'll probably write something up this weekend.

> > Yes. The authentication is not really secure. It only uses 16 bits if I 
> > remember correctly, so even without access to <filename>, it can be easily 
> > broken.
> >
> > The common practice is to block after 3 attempts, but there are ways 
> > around that, too.
> >     

RFB authentication is not secure for a few reasons.  The first is that 
passwords are limited to 8 characters and constant padding for passwords 
shorter than 8.  Furthermore, the challenge/response mechanism is prone 
to man-in-the-middle attacks and replay attacks.  Triple DES is not a 
very good encryption method either by modern standards.

For all practical purposes, it's a plain-text equivalent authentication 
mechanism.  However, it's widely supported, and provides a useful 
feature so it's worth supporting.

For real security, TLS integration is most certainly the way to go.  I 
want to make sure anything we do though doesn't violate the RFB spec so 
we have to validate the the authentication ids are reserved and the 
protocol isn't violated in anyway (realizing there's no absolutely 
secure way to do RFB and still be compatible to the spec).

Regards,

Anthony Liguori

> > Ciao,
> > Dscho
> >
> >
> >
> > _______________________________________________
> > Qemu-devel mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/qemu-devel
> >
> >