Jonathan Morton wrote:
> combination that happens to be running a browser? Does his network admin
> require him to carry a floppy disk containing the server's encryption key,
> or does he risk having the key sniffed by one of these MITM attacks (and
> this one doesn't require modification of the stream!).
>
> The answer may be to have the server send the key in an encrypted form
> which can only be decrypted using the VNC server password, or a separate
> "key password". And then only to have that done on a "once only" basis -
Now that I think about it, I don't think it's necessarily a problem for
the host key to be passed in the clear. The only problem that arises is
that if the first time you connect to a host its address has been
hijacked by an attacker, your client will believe the attacker's host
is the real one. With SSH, for example, anyone can get the host key
just by attempting to open a connection, so having the host key
compromised can't be that much of a problem (of course, I'm assuming
the authors of SSH know what they're doing :) (This implies that the
host public/private key pair is not symmetric - some other protocol
must be used to negotiate the session key.)
> Both of the above methods need further discussion, partly due to my
> complete lack of credentials as a security expert =)
Me too - I don't want to give the impression I know too much about
this. I have read Bruce Schneier's book and poked about in the
OpenSSH code, but that's about it. Someone with real security
credentials should definitely be involved, at least in an
advisory role.
-- Joe Knapka
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
