|
|
>> Fact: It doesn't matter how strong the authentication process is. This
>> does not automatically mean that the data that follows is encrypted in
>> any way at all.
>
> No, it doesn't
OK, now we agree on something.
>>> Nope, 1200 packets, nothing in the clear.
>>
>> And how do you tell whether random binary data is encrypted or not?
>
> There's nothing "in the clear". I connected to the system, opened a CMD
> window, and listed directory contents.
Right. So it send a bunch of image bitmaps to you. And you can tell just
from a hex dump that it was encrypted?
> That, plus the fact that it, you know, actually is *documented* to be
> encrypted.
It's news to me that there /is/ any such documentation.
> Yes, I do. However, *weak* encryption is still, you know, *encryption*.
Weak encryption is virtually no better than no encryption at all. If you
want encryption, you want strong encryption.
> But it's still encryption. You asserted that it's not encrypted. I
> proved that it was. Now, if you want to talk about encryption
> *strength*, that's different than, you know, whether it's encrypted or
> not.
If you're sending traffic over the Internet, it needs to have strong
encryption. Since the debate is about whether you need to add additional
security to RDP or not, it's kinda relevant.
>> Every Windows protocol I know of sends everything
>> unencrypted by default, and most of them offer no possibility of adding
>> encryption. I'd be rather surprised if RDP is different.
>
> Well, it's just documented as being enabled by default. Like your VPN.
> How do you know your VPN is actually encrypted?
I'm not saying that RDP isn't encrypted. I'm saying I'm extremely
surprised that it's encrypted, given that none of the dozens of other
Windows wire protocols offer any encryption at all.
>>> Oh, and I pointed you at an SSH server for Windows. It comes with
>>> Cygwin.
>>
>> Right. I didn't know about that when I set this up.
>
> You knew about it before you made this post. So now you know it's
> available so you can use it.
I set this encrypted link up *years* ago, long before this discussion
started.
Post a reply to this message
|
|