Hi On Thu, Mar 09, 2006 at 12:52:00AM -0300, Javier Kohen wrote: > El mié, 08-03-2006 a las 22:17 +0100, Ola Lundqvist escribió: > > Hi > > > > I can imagine that there is no checks whatsoever in this tool about > > the input size. > > I'm not familiar with the authentication method used by VNC, but I would > expect it to be benefited from the additional entropy in a longer > password. Even if the tool is modified to check the input size, it would > be nice to know that all input is used. Of course, this is more of a > wishlist issue.
>From what I remember only 8 bytes of the password was actually used by the algorithm but I'm not sure. Yes it is a bad one, and it is bad to send it in plaintext but that is how the VNC protocol is. :( > > I'll see if there is any easy fix for this. > > If not, I'd appreciate it if you could forward this to upstream. The problem is that upstream do not support the open source version. They only support their "corporate version" that have much better authentication and other features. VNC is open source software without support from upstream. > > Have you determined how many characters is useful and work? > > No, I haven't. I've seen it fail with passwords generated by apg, which > I think were 9- or 10-character long, but I also seem to recall that it > sometimes worked with passwords of that length. It sounds like I remember, then. Thanks. Regards, // Ola > Thanks, > -- > Javier Kohen <[EMAIL PROTECTED]> > ICQ: blashyrkh #2361802 > Jabber: [EMAIL PROTECTED] -- --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ---- / [EMAIL PROTECTED] Annebergsslingan 37 \ | [EMAIL PROTECTED] 654 65 KARLSTAD | | http://www.opal.dhs.org Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
