Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Is it safe to reuse the same DSM key over and over?

Post Reply
suggersen
8
8
Posts: 9
Joined: 2004-06-02 16:55

Is it safe to reuse the same DSM key over and over?

Post by suggersen »

Is it safe to reuse the same DSM key over and over?

For the sake of simplicity, I was thinking of including a DSM key in an installer with ultraVnc included. The idea was also to have the key automatically add itself to the registry during installation (so that it will work without user-interruption, and the key would naturally be a copy of one i had installed on my computer, so the encryption would work with the client).

Then I just thought of giving out the installation-file to all kinds of clients ... buuuuut now i see on the DSM homepage - and now i quote: "Keeping your key files secure keeps your encryption secure. Changing your keys often is as prudent as changing your passwords often."

So I guess my solution is way to risky ...

Would it be hard to make a solution where a new key were installed each time a user installed the program (and then the program would mail/send me that key back, in order for me to have access to the client computer) ?


Regards

Morten

p.s. dsm = msrc4plugin
redge
1000
1000
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Post by redge »

Is it safe to reuse the same DSM key over and over?
yes, read below:
Scovel wrote:uses 128bit RC4 encryption. Added SALTing of the key for each session. This makes each session key unique. This also makes it incompatible with all earlier plugins

MSRC4Plugin 119 without rc4.key exchange
Scovel wrote:do not require a pre-shared key
...
Plugin can be used with or without a key file. If no key file is found the plugin uses a hashed version of the VNC password.

source:
http://msrc4plugin.home.comcast.net/beta.html
Last edited by redge on 2005-08-28 22:00, edited 1 time in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Post Reply