I just learned that some other VNC-programs, e.g. RealVNC, support passwords with up to 255 signs.
It would be great if this security feature would be implemented into UltraVNC. If this is only possible with vnc 4.x based software, will you release UltraVNC based on v4?
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
longer password
Re: longer password
Yes, this would be greate.
But what about the DSM plugin? That uses the password als starter?
But what about the DSM plugin? That uses the password als starter?
Re: longer password
Yeah.. there are programs out there that grab the VNC remote password out of the registry no problem. I think a longer password with some sort of encryption would be perfect.
Re: longer password
If a longer password was implemented UltraVNC could remove MSlogon feature since a longer password is secure enough. This could result in a more secure and less complex (no MSLogon) program.
scorp:
If someone can run a program that reads the password from the registry and sends it home he might as well run other programs. So encrypting the password would be nice to have but is not necessary.
scorp:
If someone can run a program that reads the password from the registry and sends it home he might as well run other programs. So encrypting the password would be nice to have but is not necessary.
Last edited by Arnie_75 on 2007-01-28 18:17, edited 1 time in total.
Re: longer password
There definitely ought to be a longer password. To be quite honest, I was very surprised, if not somewhat shocked, to discover that 8 chars is the maximum.
IMHO passwords ought to accomodate up to at least 255 characters to allow passphrases - "I love Micro$oft" etc.
Foreign character sets and symbols should also not be a problem - maybe Unicode.
If for any reason the password is kept in the Registry, then it obviously has to be encrypted.
I do not really know what the problem is, or ever was - because a longer field is dead easy to implement. Deriving an enconding key for DSM off a longer password is also not a problem.
IMHO passwords ought to accomodate up to at least 255 characters to allow passphrases - "I love Micro$oft" etc.
Foreign character sets and symbols should also not be a problem - maybe Unicode.
If for any reason the password is kept in the Registry, then it obviously has to be encrypted.
I do not really know what the problem is, or ever was - because a longer field is dead easy to implement. Deriving an enconding key for DSM off a longer password is also not a problem.
Re: longer password
UltraVNC "standard" VNC password is limited to 8 chars because that was the limit of the standard VNC at the time.
And we want to maintain some sort of backward compatibility.
We do not plan to port UltravNC to the RealVNC 4x codebase, for now.
Too much work.
We want to release v1.0.3 and to solve the Vista issues first.
But the MSRC4 plugin solves the weak 8 chars VNC password problem as it implies to have a rc4.key file (with 128bit key) on both ends.
So even if your 8 char VNC password is known or guessed it is not too lethal as the attacker also needs to know the 'strong' rc4 key to be able to connect.
And we want to maintain some sort of backward compatibility.
We do not plan to port UltravNC to the RealVNC 4x codebase, for now.
Too much work.
We want to release v1.0.3 and to solve the Vista issues first.
But the MSRC4 plugin solves the weak 8 chars VNC password problem as it implies to have a rc4.key file (with 128bit key) on both ends.
So even if your 8 char VNC password is known or guessed it is not too lethal as the attacker also needs to know the 'strong' rc4 key to be able to connect.
UltraSam
Re: longer password
Why mainting backward compatibility?
And if needed, why not make a checkbox one can uncheck to use more than 8 characters?
There could be a small warning saying:
WARNING: If checkbox is unchecked passwords with up to 64 signs are used but backward compatibility with VNC is broken.
And if needed, why not make a checkbox one can uncheck to use more than 8 characters?
There could be a small warning saying:
WARNING: If checkbox is unchecked passwords with up to 64 signs are used but backward compatibility with VNC is broken.