[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] vnc: disable VNC password authentication (secur
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH] vnc: disable VNC password authentication (security type 2) when in FIPS mode |
Date: |
Wed, 2 May 2012 10:16:11 +0100 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Tue, May 01, 2012 at 06:26:05PM -0500, Anthony Liguori wrote:
> On 05/01/2012 04:20 PM, Paul Moore wrote:
> >FIPS 140-2 requires disabling certain ciphers, including DES, which is used
> >by VNC to obscure passwords when they are sent over the network. The
> >solution for FIPS users is to disable the use of VNC password auth when the
> >host system is operating in FIPS mode.
>
> Sorry, what?
>
> Does FIPS really require software to detect when FIPS is enabled and
> actively disable features??? That's absurd.
>
> Can you point to another software package that does something like this?
All the SSL libraries for a start (NSS, OpenSSL & GNUTLS). If we were
using one of those for the VNC DES code we would be disabled.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|