[Cryptography] Secure VNC implementation
Albert Lunde
atlunde at panix.com
Sat Aug 27 05:25:01 EDT 2016
On 8/26/2016 8:21 PM, John Levine wrote:
>> I did a bit of research on this field and nothing look too pleasing.
>> The best solution so far seem to be enterprise RealVNC. Would be
>> grateful to hear what people think about this solution
>
> Depends what you mean by secure. VNC is a pretty simple design that
> sends a stream of keyboard and mouse events from the client to the
> host, and a stream of frame buffer updates from the host to the
> client. It's described in RFC 6143.
>
> It has no meaningful security built in, but it can run over anything
> that looks like a virtual circuit. People usually run it over ssh, so
> whatever you think of ssh's security, that is VNC's security.
RealVNC uses protocol extensions to do AES encryption and use OS
passwords, not the trivial passwords of the original VNC protocol, so
it's a substantially different protocol than all the free VNC
implementations out there, that doesn't rely on SSH Tunneling.
It seems to be a solid, supported commercial product with clients and
servers for several platforms. One licenses a server, their VNC client
for Windows is free.
I'm using the Windows version, I've had some practical difficulties with
getting the server to restart after MS patching and with something else
capturing the terminal session on occasion, but those don't appear to be
protocol weaknesses.
--
Albert Lunde albert-lunde at northwestern.edu
atlunde at panix.com (address for personal mail)
More information about the cryptography
mailing list