From: "Christopher Olsen" <cwolsen@domainatlantic.com>
To: qemu-devel@nongnu.org
Subject: RE: [Qemu-devel] QEMU: VNC
Date: Thu, 22 Feb 2007 11:39:51 -0500 [thread overview]
Message-ID: <DPECJEHGLGCLMELPLDPLOECJCJAA.cwolsen@domainatlantic.com> (raw)
In-Reply-To: <45DDC65A.2030001@codemonkey.ws>
Anthony,
I have a patch to do the vnc standard challenge-reponse method.. With the
pass passed in as a flag (for now)
-Christopher
Christopher Olsen
88B Toledo Street
Farmingdale, NY 11735
-----Original Message-----
From: qemu-devel-bounces+cwolsen=domainatlantic.com@nongnu.org
[mailto:qemu-devel-bounces+cwolsen=domainatlantic.com@nongnu.org]On
Behalf Of Anthony Liguori
Sent: Thursday, February 22, 2007 11:36 AM
To: qemu-devel@nongnu.org
Cc: Luke-Jr
Subject: Re: [Qemu-devel] QEMU: VNC
Johannes Schindelin wrote:
> Hi,
>
> On Thu, 22 Feb 2007, Luke-Jr wrote:
>
>
>> Is there a reason to not use the semi-standard -rfbauth <filename>
>> argument?
I would be happy with a patch that allowed a password to be set from the
monitor. Storing a password in a file on disk is, IMHO, ugly. If no
one beats me to it, I'll probably write something up this weekend.
>> Yes. The authentication is not really secure. It only uses 16 bits if I
>> remember correctly, so even without access to <filename>, it can be
easily
>> broken.
>>
>> The common practice is to block after 3 attempts, but there are ways
>> around that, too.
>>
RFB authentication is not secure for a few reasons. The first is that
passwords are limited to 8 characters and constant padding for passwords
shorter than 8. Furthermore, the challenge/response mechanism is prone
to man-in-the-middle attacks and replay attacks. Triple DES is not a
very good encryption method either by modern standards.
For all practical purposes, it's a plain-text equivalent authentication
mechanism. However, it's widely supported, and provides a useful
feature so it's worth supporting.
For real security, TLS integration is most certainly the way to go. I
want to make sure anything we do though doesn't violate the RFB spec so
we have to validate the the authentication ids are reserved and the
protocol isn't violated in anyway (realizing there's no absolutely
secure way to do RFB and still be compatible to the spec).
Regards,
Anthony Liguori
>> Ciao,
>> Dscho
>>
>>
>>
>> _______________________________________________
>> Qemu-devel mailing list
>> Qemu-devel@nongnu.org
>> http://lists.nongnu.org/mailman/listinfo/qemu-devel
>>
>>
_______________________________________________
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
next prev parent reply other threads:[~2007-02-22 16:39 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-22 5:19 [Qemu-devel] QEMU: VNC Luke-Jr
2007-02-22 16:22 ` Johannes Schindelin
2007-02-22 16:35 ` Anthony Liguori
2007-02-22 16:39 ` Christopher Olsen [this message]
2007-02-22 17:18 ` Johannes Schindelin
2007-02-22 17:29 ` Anthony Liguori
2007-02-22 17:35 ` Johannes Schindelin
2007-02-22 17:55 ` Leonardo Reiter
[not found] ` <200702221044.48581.luke@dashjr.org>
2007-02-22 17:27 ` Anthony Liguori
-- strict thread matches above, loose matches on Subject: below --
2007-02-16 19:02 Christopher Olsen
2007-02-16 20:57 ` Anthony Liguori
2007-02-18 20:36 ` Christopher Olsen
2007-02-18 23:08 ` Anthony Liguori
2007-02-18 23:53 ` Christopher Olsen
2007-02-19 0:14 ` Johannes Schindelin
2007-02-19 0:30 ` Christopher Olsen
2007-02-19 0:41 ` Johannes Schindelin
2007-02-19 2:01 ` Anthony Liguori
2007-02-19 2:11 ` Johannes Schindelin
2007-02-19 2:48 ` Anthony Liguori
2007-02-19 12:19 ` Christopher Olsen
2007-02-19 14:53 ` Johannes Schindelin
2007-02-19 17:16 ` Christopher Olsen
2007-02-19 17:30 ` Daniel P. Berrange
2007-02-19 17:41 ` Christopher Olsen
2007-02-19 19:09 ` Daniel P. Berrange
2007-02-19 19:29 ` Christopher Olsen
2007-02-19 22:52 ` Fabrice Bellard
2007-02-19 23:37 ` Christopher Olsen
2007-02-20 0:36 ` Daniel P. Berrange
2007-02-20 0:45 ` Anthony Liguori
2007-02-20 0:53 ` Christopher Olsen
2007-02-20 1:05 ` Daniel P. Berrange
2007-02-20 1:11 ` Johannes Schindelin
2007-02-20 1:18 ` Christopher Olsen
2007-02-20 19:46 ` Joe Batt
2007-02-19 23:58 ` Johannes Schindelin
2007-02-19 0:11 ` Johannes Schindelin
2007-02-19 0:25 ` Christopher Olsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DPECJEHGLGCLMELPLDPLOECJCJAA.cwolsen@domainatlantic.com \
--to=cwolsen@domainatlantic.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).