On Sun, 09 Oct 2011 02:06:59 +0100, Orchid XP v8 wrote:
>>>>> Now how do you /encrypt/ that?
>>>>
>>>> It's RDP. It's already *encrypted*.
>>>
>>> Yeah, right. I'll believe it when I see it.
>>
>> I use it for what I work on. The connection is encrypted. RDP ain't
>> VNC (which actually *isn't* encrypted).
>>
>> When I connect to the Windows Server 2008 box for the classes I'm
>> working on, I get a certificate validation request.
>>
>> That sure as hell seems to be an encrypted connection.
>
> So, just because it does strong authentication, you think that means the
> actual data is encrypted?

It's actually a certificate verification message, not a 'strong
authentication' message. It's asking about an SSL certificate that's
used to encrypt the entire communications channel.

You know, like actual security.

Don't believe me? Fine, I'll do a wireshark trace on it.

Nope, 1200 packets, nothing in the clear.

http://en.wikipedia.org/wiki/Remote_Desktop_Protocol

"128-bit encryption, using the RC4 encryption algorithm, as of Version 6.
[15] Older implementations suffer from a man-in-the-middle vulnerability,
which can allow an attacker to decrypt the encrypted streams by recording
the encryption key as it is transmitted.[16]"

(Under "Features").

Nope, I guess you're right. Adding 128-bit encryption isn't security.

"Support for Transport Layer Security (TLS) 1.0 on both server and client
ends (set as default)."

I guess TLS also isn't security. (That's as of version 6, released in
2006).

Clearly I don't have a clue what I'm talking about. RDP just uses 128-
bit encryption and has TLS available for full connection encryption.

> Given how weak the password challenge/response protocol in Windows is,
> I'd be happier tunnelling via SSH or something. You know, if I could
> actually find an SSH *server* for Windows... (Then I wouldn't need any
> extra hardware at all.)

You need to read more about the newer versions of RDP, I reckon.

Oh, and I pointed you at an SSH server for Windows. It comes with Cygwin.

Jim
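
A packet trace can also show which of the two security layers mentioned in the post (legacy RC4-based RDP security or TLS) a server actually selected, by reading the RDP Negotiation Response in the server's X.224 Connection Confirm. The following is an added example, not part of the original post; the field layout follows MS-RDPBCGR, the function name is hypothetical, and the three byte strings are constructed samples.

```python
import struct

# selectedProtocol values carried in the RDP Negotiation Response (MS-RDPBCGR)
PROTOCOLS = {
    0x0: "Standard RDP Security (RC4-based, no TLS)",
    0x1: "TLS",
    0x2: "CredSSP (TLS + NLA)",
    0x4: "RDSTLS",
    0x8: "CredSSP with Early User Authorization",
}
TYPE_NEG_RSP, TYPE_NEG_FAILURE = 0x02, 0x03

def selected_security(pdu: bytes) -> str:
    """Classify the security layer from a server X.224 Connection Confirm."""
    if len(pdu) < 11 or pdu[0] != 0x03:
        raise ValueError("not a TPKT packet")
    (tpkt_len,) = struct.unpack(">H", pdu[2:4])
    if tpkt_len != len(pdu):
        raise ValueError("TPKT length does not match captured bytes")
    if pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = pdu[11:]  # skip TPKT header (4 bytes) and X.224 CC header (7 bytes)
    if not body:
        # No negotiation block at all: the server only speaks the legacy layer.
        return PROTOCOLS[0x0]
    if len(body) < 8:
        raise ValueError("truncated negotiation block")
    msg_type, _flags, length, value = struct.unpack("<BBHI", body[:8])
    if length != 8:
        raise ValueError("unexpected negotiation block length")
    if msg_type == TYPE_NEG_FAILURE:
        return f"negotiation failed (code {value})"
    if msg_type != TYPE_NEG_RSP:
        raise ValueError("unknown negotiation message type")
    return PROTOCOLS.get(value, f"unknown protocol 0x{value:x}")

# Constructed samples (not taken from a real capture)
SAMPLE_TLS = bytes.fromhex("030000130ed000001234000200080001000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")
SAMPLE_FAILURE = bytes.fromhex("030000130ed000001234000300080005000000")

if __name__ == "__main__":
    for name, pdu in [("tls", SAMPLE_TLS), ("legacy", SAMPLE_LEGACY),
                      ("failure", SAMPLE_FAILURE)]:
        print(name, "->", selected_security(pdu))
```

A result of "Standard RDP Security" means the session is on the RC4-based layer that the quoted Wikipedia text associates with the man-in-the-middle weakness in older implementations, so a server that should require TLS or NLA and returns it needs its security layer setting reviewed.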