Key or No Key?

Should you have problems with the DSM plugin, here's the place to look for help or report issues
greatbarrier86
Posts: 13
Joined: 2006-06-12 16:47

Post by greatbarrier86 »

Hello,

I just noticed that the MSRC plugin does not require a key in order to work properly as it will just hash the password. Which way is recommended or are they equally as secure?

Thanks,
Jason
redge
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Key or No Key?

Post by redge »

Scovel wrote: If you don't have a key file the following happens:

The plugins generate a 128 Bit random IV (Initial Vector) and exchange them. The password is hashed using 128 MD5 hash. A random 128 Bit SALT is generated and added to the key.

The 128 Bit hashed/SALTed password and the IV are used to start the encryption stream. This is effectively a 128 bit session key that changes with each connection. No real need for a key file anymore. The only way this process could be improved is if UltraVNC supported more than 8 characters for the password.

If you DO have a key, the 128 Bit key is used instead of the password, but all of the above still happen.

That is the BIG improvement of 1.2.0 over 1.1.8.

Sean
related
[topic=6708][/topic]
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
redge
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Key or No Key?

Post by redge »

Arnie_75 wrote: Is connecting via KEY more secure?
Scovel wrote: Short answer, a little, because the key has more bits than the password can.

Key = 128 Bits
Password = 64 Bits

Both are hashed into a 128 Bit session key.

Sean

mag wrote: what's the purpose of the key then?
redge wrote: 2 purposes


* for travelling and limited access to registry or read only.
vncviewer+rc4.key+msrc4plugin_noreg.dsm on USB storage

* for SingleClick (SC): it cannot use a password, which does not exist due to the reverse connection, and needs the key.
otherwise, without rc4.key, msrc4plugin asks for a password and authentication always fails.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
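
The scheme described in the quoted posts above, as an added sketch (not the plugin's code and not written by any poster): it shows why both modes yield a fresh 128-bit session key per connection, yet hashing cannot add entropy the input secret lacks. The `MD5(secret || salt)` construction and all function names are assumptions, since the post does not say how the salt is combined.

```python
import hashlib
import math
import os

MAX_PASSWORD_LEN = 8  # the 8-character password limit mentioned in the quoted post


def secret_from_password(password: str) -> bytes:
    """Model the 8-character limit: anything past it never reaches the hash."""
    return password.encode("latin-1")[:MAX_PASSWORD_LEN]


def derive_session_key(secret: bytes, salt: bytes) -> bytes:
    """ASSUMPTION: session key = MD5(secret || salt). Output is always 128 bits."""
    return hashlib.md5(secret + salt).digest()


def new_connection(secret: bytes) -> dict:
    """One simulated handshake: fresh random 128-bit IV and salt every time."""
    iv, salt = os.urandom(16), os.urandom(16)
    return {"iv": iv, "salt": salt, "key": derive_session_key(secret, salt)}


def input_entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on the entropy of a secret of `length` symbols."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = secret_from_password("hunter2!extra")      # constructed sample password
    key_file = os.urandom(16)                        # constructed 128-bit key

    a, b = new_connection(pw), new_connection(pw)
    print("same password, new session key each time:", a["key"] != b["key"])

    # Characters beyond the limit do not change the derived key.
    salt = os.urandom(16)
    same = derive_session_key(secret_from_password("hunter2!AAAA"), salt) == \
        derive_session_key(secret_from_password("hunter2!BBBB"), salt)
    print("characters past position 8 ignored:", same)

    # The session key is 128 bits in both modes; the secret behind it is not.
    print("session key bits:", len(new_connection(key_file)["key"]) * 8)
    print("password, any byte values  :", input_entropy_bits(256, 8), "bits max")
    print("password, printable ASCII  : %.1f bits max" % input_entropy_bits(95, 8))
    print("key file, 16 random bytes  :", input_entropy_bits(256, 16), "bits")
```

The salt and IV make each session's key unique, but the strength of that key is bounded by the weaker input, which is why the posters rate the key file above the password.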
scovel
Posts: 307
Joined: 2004-07-12 11:56
Location: CT, USA

Re: Key or No Key?

Post by scovel »

Also,

If you have a key, any intruder has to have 2 pieces of information, your password AND your key, in order to break into your computer.

Sean
greatbarrier86
Posts: 13
Joined: 2006-06-12 16:47

Re: Key or No Key?

Post by greatbarrier86 »

Ah...this is good to know! Thanks for the input!