|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] QEMU: VNC |
Date: | Thu, 22 Feb 2007 11:29:21 -0600 |
User-agent: | Thunderbird 1.5.0.9 (X11/20070103) |
Johannes Schindelin wrote:
Hi, On Thu, 22 Feb 2007, Anthony Liguori wrote:Johannes Schindelin wrote:On Thu, 22 Feb 2007, Luke-Jr wrote:Yes. The authentication is not really secure. It only uses 16 bits if I remember correctly, so even without access to <filename>, it can be easily broken. The common practice is to block after 3 attempts, but there are ways around that, too.[Why do you quote me as if Luke was quoted?]
Because thunderbird sucks and did it automagically.
For all practical purposes, it's a plain-text equivalent authentication mechanism. However, it's widely supported, and provides a useful feature so it's worth supporting.This invariably leads to user confusion. ("But I _did_ use encryption? What do you mean, it is not encrypted, and the handshake is weak?")
I understand. The solution is education. The documentation for vnc auth support should make it very clear that it's plain-text equivalent.
Regards, Anthony Liguori
Ciao, DschoBTW Anothony, now that I already have you on the subject of VNC, do you have any plans on making the documentation on http://www.realvnc.com/docs/rfbproto.pdf a little more useful for the extensions you registered?
[Prev in Thread] | Current Thread | [Next in Thread] |