On Fri, 2003-06-06 at 04:37, Anders Reed Mohn wrote: > I'm not very experienced in this, so I'd like to know if I missed something. > Once before, I've seen people claim that it passwords (for VNC) > were sent in clear text, but I couldn't see them then either. > I use Ethereal for packet captures.
The reason you can't see VNC passwords in a sniffer is they are never actually sent across the wire. They are used as an encryption key. The server sends a randomly generated string of data and the client encrypts it with the password and sends it back (or the reverse, can't remember). Only the random string in question ever goes over the wire during authentication. -- ------------ James V. Fields --------------------------------------------------------------------------- ----------------------------------------------------------------------------
