More secure version of VNC?

[Irongeek]

Is there a version of VNC that stores its password more securely? TightVNC and RealVNC both store their password in the registry using DES, but since the key is know it’s trivial to decrypt it.

[Irongeek]

Well, I found UltraVNC:

http://ultravnc.sourceforge.net/index.html

it lets me use Doman authentication, bad side is it's flaky as hell and the only platform it runs on seems to be windows.

[thehorse13]

Yep, Ultra is what I use. On top of domain auth, it offers file transfer too.

Hey Iron, wanna know another secret? No matter what you set the password in RealVNC, it will only look at the first 8 characters. Give it a try.

[Irongeek]

I've noticed the 8 character limit, VNC it's something I’ve been researching for my presentation. I’m surprised that after all these years Real and Tight have not added more security features. Ultra is doing some work in that area, but it’s only for Windows. Also, Ultra’s Java client does not seem to work with MS login. Thanks Horse.

[hypronix]

Probably because this restriction exists on Linux machines if one uses DES encryption, it's actually to do with the enryption algorithm. SHA1 would be ideal I'd suppose.

[FlamingPacket]

Try using TightVNC.

[Irongeek]

Originally posted here by FlamingPacket
Try using TightVNC.

Read the first post.

[FlamingPacket]

Sorry, not fully awake yet. Me = retard...

[Irongeek]

That's ok. I like tight VNC, it just does not have the options I need.

[ikalo]

I also use TightVNC. I just keep it in my private LAN, behind firewall....

until it gets at least two layers of authenticating I don't trust it for public networks