Actually, TightVNC only encrypts the password, the rest of the communication is not.Originally posted here by kr5kernel
TightVNC http://www.tightvnc.com
TightVNC automatically tunnels a VNC connection over SSH. Also supports read only and full access passwords. And it tastes delicious!
http://www.tightvnc.com/faq.html#howsecure:
How secure is TightVNC?
Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk. To solve this problem, we plan to work on built-in encryption in future versions of TightVNC.
In the mean time, if you need real security, we recommend installing OpenSSH, and using SSH tunneling for all TightVNC connections from untrusted networks.
Reply With Quote