Re: [Qemu-devel] QEMU: VNC

[Anthony Liguori]

Johannes Schindelin wrote:
> Hi,
>
> On Thu, 22 Feb 2007, Anthony Liguori wrote:
>
>   
> > Johannes Schindelin wrote:
> >     
> > > On Thu, 22 Feb 2007, Luke-Jr wrote:
> > >
> > >       
> > > > Yes. The authentication is not really secure. It only uses 16 bits if I
> > > > remember correctly, so even without access to <filename>, it can be
> > > > easily broken.
> > > >
> > > > The common practice is to block after 3 attempts, but there are ways
> > > > around that, too.
> > > >     
> > > >         
>
> [Why do you quote me as if Luke was quoted?]
>   

Because thunderbird sucks and did it automagically.

> > For all practical purposes, it's a plain-text equivalent authentication 
> > mechanism.  However, it's widely supported, and provides a useful 
> > feature so it's worth supporting.
> >     
>
> This invariably leads to user confusion. ("But I _did_ use encryption? 
> What do you mean, it is not encrypted, and the handshake is weak?")
>   

I understand.  The solution is education.  The documentation for vnc 
auth support should make it very clear that it's plain-text equivalent.

Regards,

Anthony Liguori

> Ciao,
> Dscho
>
> BTW Anothony, now that I already have you on the subject of VNC, do you 
> have any plans on making the documentation on 
> http://www.realvnc.com/docs/rfbproto.pdf a little more useful for the 
> extensions you registered?
>
>
>