>>>Unless you have added encryption to it, the passwords are not encrypted. >> >>Please explain the discrepancy between the claim above and FAQ #55: > >I will freely admit that I have not studied the source code >thoroughly. I can think of three possible explanations for >the discrepancy. There may be others. > >1. This feature was added in the last four months. > >2. The document you cited is inaccurate.
Passwords are authenticated on-the-wire using a challenge/response algorithm. For storage on the server, they are typically stored in a reversible, obfuscated fashion, but not really encrypted. The rationale, I believe, is that if you can read the password from the machine, it's as good as hacked anyway without VNC's help. >3. Several people on VNC mailing lists don't know > as much as they seem to know. I think most of the "old timers" know enough - VNC is a simple enough system that it's hard to forget. -- -------------------------------------------------------------- from: Jonathan "Chromatix" Morton mail: [EMAIL PROTECTED] website: http://www.chromatix.uklinux.net/ geekcode: GCS$/E dpu(!) s:- a21 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r++ y+(*) tagline: The key to knowledge is not to rely on people to teach you it. _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list