Message-ID: <45DDD2F1.7070405@codemonkey.ws>
Date: Thu, 22 Feb 2007 11:29:21 -0600
From: Anthony Liguori
Subject: Re: [Qemu-devel] QEMU: VNC
References: <200702220519.10448.luke-jr@utopios.org> <45DDC65A.2030001@codemonkey.ws>
Reply-To: qemu-devel@nongnu.org
To: Johannes Schindelin
Cc: Luke-Jr, qemu-devel@nongnu.org

Johannes Schindelin wrote:
> Hi,
>
> On Thu, 22 Feb 2007, Anthony Liguori wrote:
>
>> Johannes Schindelin wrote:
>>
>>> On Thu, 22 Feb 2007, Luke-Jr wrote:
>>>
>>>> Yes. The authentication is not really secure. It only uses 16 bits if I
>>>> remember correctly, so even without access to , it can be
>>>> easily broken.
>>>>
>>>> The common practice is to block after 3 attempts, but there are ways
>>>> around that, too.
>>>>
>
> [Why do you quote me as if Luke was quoted?]
>
Because thunderbird sucks and did it automagically.

>> For all practical purposes, it's a plain-text equivalent authentication
>> mechanism. However, it's widely supported, and provides a useful
>> feature so it's worth supporting.
>>
>
> This invariably leads to user confusion. ("But I _did_ use encryption?
> What do you mean, it is not encrypted, and the handshake is weak?")
>
I understand. The solution is education. The documentation for vnc
auth support should make it very clear that it's plain-text equivalent.

Regards,

Anthony Liguori

> Ciao,
> Dscho
>
> BTW Anthony, now that I already have you on the subject of VNC, do you
> have any plans on making the documentation on
> http://www.realvnc.com/docs/rfbproto.pdf a little more useful for the
> extensions you registered?
>