Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

PCHelpWare 1.0 Security

Post Reply
salvor
Posts: 2
Joined: 2009-11-25 18:28

PCHelpWare 1.0 Security

Post by salvor »

I'm trying to recommend PCHelpWare 1.0 but I'm being blocked due to perception of weak security.

Two simple changes would eliminate all arguments:

1. Change Diffie–Hellman from 512-bit to 2048-bit.
2. Change MD5 to SHA-256 (truncate to 128 bits if needed)

I'm told that using 512-bit DH for key exchange is like using 64-bit symmetric key.

And using "64-bit security" with 256-bit Twofish doesn't make sense if performance was top priority (because using 128-bit Twofish would not have weakened security given other parts are much weaker).

I like PCHelpware much better than SC, etc. so I hope to see these arguments vanish when PCHelpWare 1.1 is released!

Long live PCHelpWare!
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6867
Joined: 2004-04-23 10:21
Contact:

Re: PCHelpWare 1.0 Security

Post by Rudi De Vos »

char p[512];
char g[256];
char A[256];
char B[256];
char key1[256];
char key2[256];
crcl1.DiffieHellman1out(16,g, p, A);
crcl2.DiffieHellman1in(16,g, p,A, B,key1);
crcl1.DiffieHellman2(B,key2);

Calculating a 512 prime number already take 4 seconds a 1024 prime
is more then 1/2 minutes....
512 == digits
1 char = 8 bit
Last edited by Rudi De Vos on 2009-11-25 20:45, edited 2 times in total.
salvor
Posts: 2
Joined: 2009-11-25 18:28

Re: PCHelpWare 1.0 Security

Post by salvor »

I agree DH can be slow, and it depends on hardware which gets faster every day. I remember 64-bit encryption being "unthinkable" to break.

Maybe the solution is to add a parameter to let to user adjust depending on their hardware?

For example, this could prevent PcHelpWare from becoming obsolete for many, many years:

1. add parameter to specify DH bit size (512 bits, 768 bits, 1024 bits, etc.)
2. add parameter to specify Hash (MD5 or SHA256)
3. add parameter to specify Cipher (Twofish-256, AES-256) having 2 choices is great just in case a flaw is discovered in one of the ciphers. I like Twofish better, but AES is better known to end-users.

SHA1 is not recommended after year 2010 due to recent discoveries, which is why I suggest SHA256. And MD5 has a bad perception even among people who don't understand hash collisions.

These enhancements might be very simple, assuming a 3rd-party crypto library is used. And it would certainly justify a 1.1 or 2.0 version number :)
Post Reply