Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.off-topic : Is this the end of the world as we know it? : Re: Is this the end of the world as we know it? Server Time
30 Jul 2024 20:29:02 EDT (-0400)
  Re: Is this the end of the world as we know it?  
From: Jim Henderson
Date: 17 Oct 2011 19:20:21
Message: <4e9cb835@news.povray.org>
 
On Mon, 17 Oct 2011 10:15:31 +0100, Invisible wrote:

>>> Fact: It doesn't matter how strong the authentication process is. This
>>> does not automatically mean that the data that follows is encrypted in
>>> any way at all.
>>
>> No, it doesn't
> 
> OK, now we agree on something.

We probably didn't disagree on that - I never asserted that 
authentication and encryption were the same thing.

>>>> Nope, 1200 packets, nothing in the clear.
>>>
>>> And how do you tell whether random binary data is encrypted or not?
>>
>> There's nothing "in the clear".  I connected to the system, opened a
>> CMD window, and listed directory contents.
> 
> Right. So it send a bunch of image bitmaps to you. And you can tell just
> from a hex dump that it was encrypted?

Amazingly enough, Wireshark can reassemble the payloads and tell you 
what's in it.  So yes, with the proper tools, you can in fact tell that 
it's not just streaming a bunch of JPGs to you.

>> That, plus the fact that it, you know, actually is *documented* to be
>> encrypted.
> 
> It's news to me that there /is/ any such documentation.

Well, I only pointed to the articles that documented it.

>> Yes, I do.  However, *weak* encryption is still, you know,
>> *encryption*.
> 
> Weak encryption is virtually no better than no encryption at all. If you
> want encryption, you want strong encryption.

You asserted "unencrypted", not "poorly encrypted".

>> But it's still encryption.  You asserted that it's not encrypted.  I
>> proved that it was.  Now, if you want to talk about encryption
>> *strength*, that's different than, you know, whether it's encrypted or
>> not.
> 
> If you're sending traffic over the Internet, it needs to have strong
> encryption. Since the debate is about whether you need to add additional
> security to RDP or not, it's kinda relevant.

Again, you asserted *no* encryption.

>>> Every Windows protocol I know of sends everything unencrypted by
>>> default, and most of them offer no possibility of adding encryption.
>>> I'd be rather surprised if RDP is different.
>>
>> Well, it's just documented as being enabled by default.  Like your VPN.
>> How do you know your VPN is actually encrypted?
> 
> I'm not saying that RDP isn't encrypted. I'm saying I'm extremely
> surprised that it's encrypted, given that none of the dozens of other
> Windows wire protocols offer any encryption at all.

You started off by saying that it wasn't encrypted, and when you were 
told it was, you refused to believe those of us telling you it is were in 
fact telling you the truth.

Jim


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.