Re: VNC authentication weakness

From: Constantin Kaplinsky (constat_private)
Date: Thu Jul 25 2002 - 20:29:21 PDT

Next message: Jose Nazario: "Re: VNC authentication weakness"

Previous message: 3APA3A: "SECURITY.NNOV: multiple vulnerabilities in JanaServer"
In reply to: Jack Lloyd: "Re: VNC authentication weakness"
Next in thread: Andreas Beck: "Re: VNC authentication weakness"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> "JL" == Jack Lloyd <lloydat_private> writes:

JL> While looking at this, I noticed (in 3.3.3r2) that VNC seems to
JL> use the password directly as a key to DES (truncating if the size
JL> is > 8 and padding with NULL if it's < 8). Since DES ignores the
JL> low bit of each byte of the key, this seems to mean that there are
JL> many different passwords which will be accepted in place of the
JL> "real" password. (Can someone confirm this is actually the case?)

No, this is not the case. VNC uses modified DES library which ignores
the most significant bit in each byte, not the least significant. That
is, 7-bit ASCII characters cannot be confused with each other.

-- 
With Best Wishes,
Constantin

Next message: Jose Nazario: "Re: VNC authentication weakness"
Previous message: 3APA3A: "SECURITY.NNOV: multiple vulnerabilities in JanaServer"
In reply to: Jack Lloyd: "Re: VNC authentication weakness"
Next in thread: Andreas Beck: "Re: VNC authentication weakness"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 26 2002 - 08:37:32 PDT