RE: [Qemu-devel] QEMU: VNC

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Qemu-devel] QEMU: VNC

From:	Christopher Olsen
Subject:	RE: [Qemu-devel] QEMU: VNC
Date:	Thu, 22 Feb 2007 11:39:51 -0500

Anthony,

I have a patch to do the vnc standard challenge-reponse method.. With the
pass passed in as a flag (for now)

-Christopher

Christopher Olsen
88B Toledo Street
Farmingdale, NY 11735

-----Original Message-----
From: address@hidden
[mailto:address@hidden
Behalf Of Anthony Liguori
Sent: Thursday, February 22, 2007 11:36 AM
To: address@hidden
Cc: Luke-Jr
Subject: Re: [Qemu-devel] QEMU: VNC

Johannes Schindelin wrote:
> Hi,
>
> On Thu, 22 Feb 2007, Luke-Jr wrote:
>
>
>> Is there a reason to not use the semi-standard -rfbauth <filename>
>> argument?

I would be happy with a patch that allowed a password to be set from the
monitor.  Storing a password in a file on disk is, IMHO, ugly.  If no
one beats me to it, I'll probably write something up this weekend.

>> Yes. The authentication is not really secure. It only uses 16 bits if I
>> remember correctly, so even without access to <filename>, it can be
easily
>> broken.
>>
>> The common practice is to block after 3 attempts, but there are ways
>> around that, too.
>>

RFB authentication is not secure for a few reasons.  The first is that
passwords are limited to 8 characters and constant padding for passwords
shorter than 8.  Furthermore, the challenge/response mechanism is prone
to man-in-the-middle attacks and replay attacks.  Triple DES is not a
very good encryption method either by modern standards.

For all practical purposes, it's a plain-text equivalent authentication
mechanism.  However, it's widely supported, and provides a useful
feature so it's worth supporting.

For real security, TLS integration is most certainly the way to go.  I
want to make sure anything we do though doesn't violate the RFB spec so
we have to validate the the authentication ids are reserved and the
protocol isn't violated in anyway (realizing there's no absolutely
secure way to do RFB and still be compatible to the spec).

Regards,

Anthony Liguori

>> Ciao,
>> Dscho
>>
>>
>>
>> _______________________________________________
>> Qemu-devel mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/qemu-devel
>>
>>

_______________________________________________
Qemu-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/qemu-devel

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] FreeBSD Support, (continued)
- [Qemu-devel] QEMU: VNC, Luke-Jr, 2007/02/22
  - Re: [Qemu-devel] QEMU: VNC, Johannes Schindelin, 2007/02/22
    - Re: [Qemu-devel] QEMU: VNC, Anthony Liguori, 2007/02/22
    - RE: [Qemu-devel] QEMU: VNC, Christopher Olsen <=
    - Re: [Qemu-devel] QEMU: VNC, Johannes Schindelin, 2007/02/22
    - Re: [Qemu-devel] QEMU: VNC, Anthony Liguori, 2007/02/22
    - Re: [Qemu-devel] QEMU: VNC, Johannes Schindelin, 2007/02/22
    - Re: [Qemu-devel] QEMU: VNC, Leonardo Reiter, 2007/02/22
    - Message not available
    - Re: [Qemu-devel] QEMU: VNC, Anthony Liguori, 2007/02/22

Prev by Date: Re: [Qemu-devel] QEMU: VNC
Next by Date: Re: [Qemu-devel] QEMU: VNC
Previous by thread: Re: [Qemu-devel] QEMU: VNC
Next by thread: Re: [Qemu-devel] QEMU: VNC
Index(es):
- Date
- Thread