Hi,
I'd like to use UltraVNC to connect to my server @ home through the internet. Can someone please answer some questions:
1. what is the algorythm of the dsm encryption plugin?`
2. is it safer than an ssh tunnel or how can I compare those two?
3. why is ssl not implemented in ultravnc? is it because of compability reasons to realvnc? because the putty way is not what I want to do.
thanks in advance
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Security & algoryth of the DSM Encryption Plugin
-
Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
1. The algorithm used is RC4, using the Microsoft CryptoAPI. (Hence MSRC4 plugin 
)
2. SSL is a *protocol* that uses stream cyphers like RC4 for the bulk of the communication. Simplied, SSL does the additional step of securely negotiating and transmitting the encryption key before communication. The MSRC4 plugin does not transmit the key at all, that is done by you on installation.
3. You can look at integrated SSL with ZVNC here: http://home.comcast.net/~davedyer/znc/zvnc.html or use ZeBeDee with Ultra using instructions here: http://faq.gotomyvnc.com/fom-serve/cache/32.html
The DSMPlugin system does not support key exchange, nor does it allow direct access to the open socket, so the only way to integrate SSL would be to code it as part of the project--which the project leads decided not to do.
)2. SSL is a *protocol* that uses stream cyphers like RC4 for the bulk of the communication. Simplied, SSL does the additional step of securely negotiating and transmitting the encryption key before communication. The MSRC4 plugin does not transmit the key at all, that is done by you on installation.
3. You can look at integrated SSL with ZVNC here: http://home.comcast.net/~davedyer/znc/zvnc.html or use ZeBeDee with Ultra using instructions here: http://faq.gotomyvnc.com/fom-serve/cache/32.html
The DSMPlugin system does not support key exchange, nor does it allow direct access to the open socket, so the only way to integrate SSL would be to code it as part of the project--which the project leads decided not to do.
I just have to add that the key exchange in DSMPlugin is planned (since the end of 2003... I know).
I've done preliminary work on this point but it's not yet finished
I will probably have to restart this from scratch
Byteboon, feel free to describe the key exchange process that you'd like to have in the DSMPlugin, I'll see what I can do as soon as RC19-PreV1 is released. No promise, though...
I've done preliminary work on this point but it's not yet finished
I will probably have to restart this from scratch
Byteboon, feel free to describe the key exchange process that you'd like to have in the DSMPlugin, I'll see what I can do as soon as RC19-PreV1 is released. No promise, though...
UltraSam
Basically, a secure key exchange would work this way:
[A] = server (or more secure side)
= client
1) [A] generates a public/private key pair (RSA, or other suitable... CryptoAPI supports these)
2) [A] sends the public key
3) generates a RC4 stream key
4) encrypts the RC4 key with [A]'s public key
5) sends the encrypted RC4 key to [A]
6) [A] decrypts the RC4 key using its private key
7) Both start a session with the RC4 key
Generation of public/private key pairs (step 1) is an expensive operation, so this usually only happens once and the results are saved.
[A] = server (or more secure side)
= client
1) [A] generates a public/private key pair (RSA, or other suitable... CryptoAPI supports these)
2) [A] sends the public key
3) generates a RC4 stream key
4) encrypts the RC4 key with [A]'s public key
5) sends the encrypted RC4 key to [A]
6) [A] decrypts the RC4 key using its private key
7) Both start a session with the RC4 key
Generation of public/private key pairs (step 1) is an expensive operation, so this usually only happens once and the results are saved.