Brandon, Changing the encryption key of the password stored in the registry will provide a false sense of security, since anyone who can read it will be able to brute-force attack it in order to work around you having changed the obfuscation key. It can't be read by sniffing the network since the VNC Authentication scheme is challenge-response, and so never actually sends the password, encrypted or otherwise.
Under NT/2K/XP, VNC 4 assigns the registry permissions of the password key to be accessible only to the SYSTEM account, and to members of the Administrators group. If you don't already trust both of those then having them unobfuscate the VNC password is probably the least of your problems! Under Linux, a user's password is stored obfuscated in ~/.vnc/passwd, and is only readable/writable by that user, so no-one else can read & unobfuscate it unless those permissions are changed or some other security breach has occurred. The need for these passwords to be stored at all dissappears if local user account authentication is used, as is available in VNC Enterprise Edition. Cheers, Wez @ RealVNC Ltd. > Hey list, > > I am currently running VNC on a number if different systems, > both Windows based and Linux based. As many of these systems > contain sensitive data, I'm looking to make them as secure as > possible, while still keeping VNC on them. However, from what > I've read, VNC uses the same key to encrypt all passwords, > and that this key is easily obtainable, making it relatively > easy to decrypt the password if someone happens to sniff it > out in encrypted form. So, what I'd like to do is change the > key used to encrypt passwords, and then set up the passwords > on these systems again. Trouble is... I haven't had any luck > finding out how to do this. Can anyone enlighten me on this? > Ideally, I'd like to do it to all machines and both platforms. > > Thank you, > Brandon _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
