Security & algorithm of the DSM Encryption Plugin

Post by happy13 »

Hi,

I'd like to use UltraVNC to connect to my server @ home through the internet. Can someone please answer some questions:

1. what is the algorithm of the dsm encryption plugin?
2. is it safer than an ssh tunnel or how can I compare those two?
3. why is ssl not implemented in ultravnc? is it because of compatibility reasons to realvnc? because the putty way is not what I want to do.

thanks in advance

Post by Rudi De Vos »

We use the MS Encryption API.

The code does NOT contain any encryption software.
We leave it to MS to find bugs and improve the encryption...

Main reason is the export restriction on encryption software.

Try to google for MS encryption and SSL, don't know the status between both.

Post by byteboon »

1. The algorithm used is RC4, using the Microsoft CryptoAPI. (Hence MSRC4 plugin :) )

2. SSL is a *protocol* that uses stream cyphers like RC4 for the bulk of the communication. Simplified, SSL does the additional step of securely negotiating and transmitting the encryption key before communication. The MSRC4 plugin does not transmit the key at all; that is done by you on installation.

3. You can look at integrated SSL with ZVNC here: http://home.comcast.net/~davedyer/znc/zvnc.html or use ZeBeDee with Ultra using instructions here: http://faq.gotomyvnc.com/fom-serve/cache/32.html

The DSMPlugin system does not support key exchange, nor does it allow direct access to the open socket, so the only way to integrate SSL would be to code it as part of the project--which the project leads decided not to do.
Jeremy Cross
Developer
NetworkStreaming
http://www.networkstreaming.com

Post by UltraSam »

I just have to add that the key exchange in DSMPlugin is planned (since the end of 2003... I know).
I've done preliminary work on this point but it's not yet finished.
I will probably have to restart this from scratch :?

Byteboon, feel free to describe the key exchange process that you'd like to have in the DSMPlugin, I'll see what I can do as soon as RC19-PreV1 is released. No promise, though...
UltraSam

Post by byteboon »

Basically, a secure key exchange would work this way:

[A] = server (or more secure side)
[B] = client

1) [A] generates a public/private key pair (RSA, or other suitable... CryptoAPI supports these)
2) [A] sends [B] the public key
3) [B] generates an RC4 stream key
4) [B] encrypts the RC4 key with [A]'s public key
5) [B] sends the encrypted RC4 key to [A]
6) [A] decrypts the RC4 key using its private key
7) Both start a session with the RC4 key

Generation of public/private key pairs (step 1) is an expensive operation, so this usually only happens once and the results are saved.
Jeremy Cross
Developer
NetworkStreaming
http://www.networkstreaming.com
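
The exchange outlined in the post above, written in Go with only the standard library, as an added example (not code from UltraVNC or from the post). The fingerprint pin, RSA-OAEP padding, the 2048-bit key size and all function names are assumptions added here; the pin is included because the steps as posted give [B] no way to check whose public key arrived in step 2.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// newServerKey is step 1 on [A]: generated once, then saved and reused.
func newServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// fingerprint: SHA-256 of the DER public key, given to [B] out of band (assumption added here).
func fingerprint(pub *rsa.PublicKey) [32]byte {
	return sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
}

// clientWrapKey is [B]'s side, steps 3-5: check the received key against the pin,
// generate a fresh 128-bit RC4 key, and encrypt it to [A] with RSA-OAEP.
func clientWrapKey(pub *rsa.PublicKey, pinned [32]byte) (rc4Key, wrapped []byte, err error) {
	if fingerprint(pub) != pinned {
		return nil, nil, fmt.Errorf("server public key does not match pinned fingerprint")
	}
	rc4Key = make([]byte, 16)
	if _, err = rand.Read(rc4Key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, rc4Key, nil)
	return rc4Key, wrapped, err
}

// serverUnwrapKey is [A]'s side, step 6: recover the RC4 key with the private key.
func serverUnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	priv, err := newServerKey()
	if err != nil {
		panic(err)
	}
	clientKey, wrapped, err := clientWrapKey(&priv.PublicKey, fingerprint(&priv.PublicKey))
	if err != nil {
		panic(err)
	}
	serverKey, err := serverUnwrapKey(priv, wrapped)
	fmt.Println("same RC4 key on both sides:", err == nil && string(clientKey) == string(serverKey))
}
```

Only the wrapped key crosses the wire; a public key substituted in transit fails the pin check before [B] generates or sends anything.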