Is it safe to reuse the same DSM key over and over?

suggersen · Post by **suggersen** » 2004-06-13 01:46

Is it safe to reuse the same DSM key over and over?

For the sake of simplicity, I was thinking of including a DSM key in an installer with ultraVnc included. The idea was also to have the key automatically add itself to the registry during installation (so that it will work without user-interruption, and the key would naturally be a copy of one i had installed on my computer, so the encryption would work with the client).

Then I just thought of giving out the installation-file to all kinds of clients ... buuuuut now i see on the DSM homepage - and now i quote: "Keeping your key files secure keeps your encryption secure. Changing your keys often is as prudent as changing your passwords often."

So I guess my solution is way to risky ...

Would it be hard to make a solution where a new key were installed each time a user installed the program (and then the program would mail/send me that key back, in order for me to have access to the client computer) ?

Regards

Morten

p.s. dsm = msrc4plugin

redge · Post by **redge** » 2005-08-28 21:54

Is it safe to reuse the same DSM key over and over?

yes, read below:

Scovel wrote:uses 128bit RC4 encryption. Added SALTing of the key for each session. This makes each session key unique. This also makes it incompatible with all earlier plugins

MSRC4Plugin 119 without rc4.key exchange

Scovel wrote:do not require a pre-shared key
...
Plugin can be used with or without a key file. If no key file is found the plugin uses a hashed version of the VNC password.

source:
http://msrc4plugin.home.comcast.net/beta.html