Hi redge,
Actually before I posted here, I already had a long discussion with Karl Runge, the owner of ssvnc, x11vnc and libvncserver project, regarding this topic. The discussion started with whether to add MSLogon client-side support, and Karl pointed straight towards this 31 bit security issue ...
					After more 1 000 000 (one million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is welcome
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
	A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is welcome
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Search found 6 matches
- 2009-10-19 07:51
- Forum: MS-Logon plugin
- Topic: [PATCH] MSLogon upgrade to use 64bit keys instead of 31bit
- Replies: 9
- Views: 40025
- 2009-10-15 02:59
- Forum: MS-Logon plugin
- Topic: [PATCH] MSLogon upgrade to use 64bit keys instead of 31bit
- Replies: 9
- Views: 40025
Re: [PATCH] MSLogon upgrade to use 64bit keys instead of 31b
Hi,
Yes, crash is of course not acceptable, but this is really an arithmetic overflow problem in the old 31bit code, not the patched new one. And unfortunately I don't see any possibility to for the server check if the client supports only 31bit or not.
Now I can see two options for us, correctly ...
					Yes, crash is of course not acceptable, but this is really an arithmetic overflow problem in the old 31bit code, not the patched new one. And unfortunately I don't see any possibility to for the server check if the client supports only 31bit or not.
Now I can see two options for us, correctly ...
- 2009-10-13 02:09
- Forum: MS-Logon plugin
- Topic: [PATCH] MSLogon upgrade to use 64bit keys instead of 31bit
- Replies: 9
- Views: 40025
Re: MSLogon upgrade to use 64bit keys instead of 31bit
This patch will upgrade MSLogon to use 63 bits. I gave up 1 bit in order to avoid massive changing.
Test result:
o New viewer can connect to new server and old server without any problem.
o Old viewer will crash when connect to new server.
 
Index: UltraVNC Project Root/UltraVNC/rfb/dh.h ...
					Test result:
o New viewer can connect to new server and old server without any problem.
o Old viewer will crash when connect to new server.
Index: UltraVNC Project Root/UltraVNC/rfb/dh.h ...
- 2009-10-12 12:21
- Forum: MS-Logon plugin
- Topic: [PATCH] MSLogon upgrade to use 64bit keys instead of 31bit
- Replies: 9
- Views: 40025
Re: MSLogon upgrade to use 64bit keys instead of 31bit
Talking about compatibility, using new viewer to connect to old server shouldn't be any problem. it's just the problem when using an old viewer to connect to a new server.
					- 2009-10-12 01:30
- Forum: MS-Logon plugin
- Topic: [PATCH] MSLogon upgrade to use 64bit keys instead of 31bit
- Replies: 9
- Views: 40025
Re: MSLogon upgrade to use 64bit keys instead of 31bit
I think backward compatibility can be maintained only if you keep the generator (the X in DH::XpowYmodN) at 31 bit, but this will probably decrease the security strength and a little more difficult to maintain.
My suggestion is to let user use a newer viewer if they are going to use the newer ...
					My suggestion is to let user use a newer viewer if they are going to use the newer ...
- 2009-10-11 09:56
- Forum: MS-Logon plugin
- Topic: [PATCH] MSLogon upgrade to use 64bit keys instead of 31bit
- Replies: 9
- Views: 40025
[PATCH] MSLogon upgrade to use 64bit keys instead of 31bit
Hi,
I think most people already aware that the current MSLogon only use 31bit key size for DH key exchange. This is extremely unsecure and scaring people using it.
Recently I checked the source codes and it turned out that in dh.c, the program calculating x^y%m is not good and causing this 31bit ...
					I think most people already aware that the current MSLogon only use 31bit key size for DH key exchange. This is extremely unsecure and scaring people using it.
Recently I checked the source codes and it turned out that in dh.c, the program calculating x^y%m is not good and causing this 31bit ...