Johannes Schindelin wrote:
Hi,
On Thu, 22 Feb 2007, Anthony Liguori wrote:
Johannes Schindelin wrote:
On Thu, 22 Feb 2007, Luke-Jr wrote:
Yes. The authentication is not really secure. It only uses 16 bits if I
remember correctly, so even without access to <filename>, it can be
easily broken.
The common practice is to block after 3 attempts, but there are ways
around that, too.
[Why do you quote me as if Luke was quoted?]
Because thunderbird sucks and did it automagically.
For all practical purposes, it's a plain-text equivalent authentication
mechanism. However, it's widely supported, and provides a useful
feature so it's worth supporting.
This invariably leads to user confusion. ("But I _did_ use encryption?
What do you mean, it is not encrypted, and the handshake is weak?")
I understand. The solution is education. The documentation for vnc
auth support should make it very clear that it's plain-text equivalent.
Regards,
Anthony Liguori
Ciao,
Dscho
BTW Anothony, now that I already have you on the subject of VNC, do you
have any plans on making the documentation on
http://www.realvnc.com/docs/rfbproto.pdf a little more useful for the
extensions you registered?
_______________________________________________
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
