  Re: Is this the end of the world as we know it?  
From: Jim Henderson
Date: 8 Oct 2011 21:18:03
Message: <4e90f64b@news.povray.org>
On Sun, 09 Oct 2011 02:06:59 +0100, Orchid XP v8 wrote:

>>>>> Now how do you /encrypt/ that?
>>>>
>>>> It's RDP.  It's already *encrypted*.
>>>
>>> Yeah, right. I'll believe it when I see it.
>>
>> I use it for what I work on.  The connection is encrypted.  RDP ain't
>> VNC (which actually *isn't* encrypted).
>>
>> When I connect to the Windows Server 2008 box for the classes I'm
>> working on, I get a certificate validation request.
>>
>> That sure as hell seems to be an encrypted connection.
> 
> So, just because it does strong authentication, you think that means the
> actual data is encrypted?

It's actually a certificate verification message, not a 'strong 
authentication' message.  It's asking about an SSL certificate that's 
used to encrypt the entire communications channel.

You know, like actual security.

Don't believe me?  Fine, I'll do a Wireshark trace on it.

Nope, 1200 packets, nothing in the clear.

http://en.wikipedia.org/wiki/Remote_Desktop_Protocol

"128-bit encryption, using the RC4 encryption algorithm, as of Version 6.
[15] Older implementations suffer from a man-in-the-middle vulnerability, 
which can allow an attacker to decrypt the encrypted streams by recording 
the encryption key as it is transmitted.[16]"

(Under "Features").

Nope, I guess you're right.  Adding 128-bit encryption isn't security.

"Support for Transport Layer Security (TLS) 1.0 on both server and client 
ends (set as default)."

I guess TLS also isn't security.  (That's as of version 6, released in 
2006).

Clearly I don't have a clue what I'm talking about.  RDP just uses 128-
bit encryption and has TLS available for full connection encryption.

> Given how weak the password challenge/response protocol in Windows is,
> I'd be happier tunnelling via SSH or something. You know, if I could
> actually find an SSH *server* for Windows... (Then I wouldn't need any
> extra hardware at all.)

You need to read more about the newer versions of RDP, I reckon.  

Oh, and I pointed you at an SSH server for Windows.  It comes with Cygwin.

Jim
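
The distinction argued over in this message (RC4-based RDP encryption versus a TLS-wrapped channel) is visible in a capture: the server's X.224 Connection Confirm names the security layer it selected. The following is an added example, not part of the original post; the field layout follows the MS-RDPBCGR specification, the function name is hypothetical, and the sample PDUs are constructed.

```python
import struct

# selectedProtocol values of RDP_NEG_RSP, per the MS-RDPBCGR specification
PROTOCOLS = {
    0x0: "standard RDP security (RC4-based, no TLS)",
    0x1: "TLS",
    0x2: "CredSSP (TLS plus Network Level Authentication)",
    0x4: "RDSTLS",
    0x8: "CredSSP with Early User Authorization",
}

def selected_security(pdu: bytes) -> str:
    """Name the security layer in an X.224 Connection Confirm (hypothetical helper)."""
    if len(pdu) < 11 or pdu[0] != 0x03:
        raise ValueError("not a TPKT packet")
    (tpkt_len,) = struct.unpack(">H", pdu[2:4])   # TPKT length is big-endian
    li, code = pdu[4], pdu[5]                      # X.224 length indicator, PDU code
    if tpkt_len != len(pdu) or li + 5 != len(pdu):
        raise ValueError("length fields do not match the captured bytes")
    if code & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]                                 # negotiation data after the 7-byte CC header
    if not neg:
        # No negotiation response at all: standard RDP security is implied
        return PROTOCOLS[0x0]
    if len(neg) != 8:
        raise ValueError("unexpected negotiation data length")
    msg_type, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        raise ValueError("bad negotiation structure length")
    if msg_type == 0x02:                           # RDP_NEG_RSP
        return PROTOCOLS.get(value, f"unknown protocol 0x{value:x}")
    if msg_type == 0x03:                           # RDP_NEG_FAILURE
        return f"negotiation failed (failure code {value})"
    raise ValueError("unknown negotiation message type")

# Constructed sample PDUs (not taken from a real capture)
TLS_CONFIRM = bytes.fromhex("030000130ed000001234000200080001000000")
LEGACY_CONFIRM = bytes.fromhex("0300000b06d00000123400")
FAILED_CONFIRM = bytes.fromhex("030000130ed000001234000300080005000000")

if __name__ == "__main__":
    for name, pdu in [("tls", TLS_CONFIRM), ("legacy", LEGACY_CONFIRM),
                      ("failed", FAILED_CONFIRM)]:
        print(name, "->", selected_security(pdu))
```

When the result is TLS or CredSSP, everything after this PDU is inside the TLS session, so the certificate presented there is what the client prompt is asking about.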

