Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Security: Password and rc4.key strategies
Security: Password and rc4.key strategies
Understanding it is wise to change passwords and keys frequently, what strategies are users employing to do so with 25+ computers?
Last edited by oscar6263 on 2008-12-16 04:33, edited 1 time in total.
Re: Security: Password and rc4.key strategies
using vnc manager for deploy any update to all computers.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Re: Security: Password and rc4.key strategies
Sorry, I'll try to be more descriptive.
I understand that passwords can be reset using a remote manager such as vnc manager, vncscan, smartcode, et al. My questions are a bit more theoretical.
First how often do you change your passwords and rc4.key files?
Second, I don't know if I fully understand the security of the rc4.key files. From my reading, it gives you data encryption similar to SSL. Some have said that a SSH Tunnel and use of the DSM plugin is a waste of time as it is duplicative. Is this correct?
Also, it would seem that distributing a key via the internet would expose it to potential hackers. Kind of like entering your pin at the atm with someone looking over you shoulder. Can new keys be safely distributed via the net?
Also, how are the new keys and passwords distributed with the winvnc running? I have tried this manually, and the rc4.key file is locked and cannot be renamed or deleted. I have to admit, I haven't tried simply overwriting it.
I understand that passwords can be reset using a remote manager such as vnc manager, vncscan, smartcode, et al. My questions are a bit more theoretical.
First how often do you change your passwords and rc4.key files?
Second, I don't know if I fully understand the security of the rc4.key files. From my reading, it gives you data encryption similar to SSL. Some have said that a SSH Tunnel and use of the DSM plugin is a waste of time as it is duplicative. Is this correct?
Also, it would seem that distributing a key via the internet would expose it to potential hackers. Kind of like entering your pin at the atm with someone looking over you shoulder. Can new keys be safely distributed via the net?
Also, how are the new keys and passwords distributed with the winvnc running? I have tried this manually, and the rc4.key file is locked and cannot be renamed or deleted. I have to admit, I haven't tried simply overwriting it.
Re: Security: Password and rc4.key strategies
every 3 months if password is from dictionnary, I had never change my rc4.keyFirst how often do you change your passwords and rc4.key files?
you less need to change your password if password not from dictionnary like uZkBa!5-I since this password is unpossible to hack for long life.
but there easy software for decrypt vnc password, vncpwdump
correct, only use SSH or SSL or uvnc with dsmplugin but but not both, both is for nothing except for paranoia maniac.Some have said that a SSH Tunnel and use of the DSM plugin is a waste of time as it is duplicative. Is this correct?
you can zip + encrypt + password the rc4.key and send the zipped file encrypted file over internet.
if rc4.key is in use, you can't delete or overwrite until the winvnc closed properly. reboot safe mode, then you can delete the looked file in case of failure of winvnc with dsmplugin crash or malfunction.
Last edited by redge on 2008-12-16 22:39, edited 1 time in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
OS Win: xp home + vista business + 7 home
only experienced user, not developer