Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Security: Password and rc4.key strategies

Should you have problems with the DSM plugin, here's the place to look for help or report issues
Post Reply
oscar6263
8
8
Posts: 10
Joined: 2008-12-16 02:19

Security: Password and rc4.key strategies

Post by oscar6263 »

Understanding it is wise to change passwords and keys frequently, what strategies are users employing to do so with 25+ computers?
Last edited by oscar6263 on 2008-12-16 04:33, edited 1 time in total.
redge
1000
1000
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Security: Password and rc4.key strategies

Post by redge »

using vnc manager for deploy any update to all computers.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
oscar6263
8
8
Posts: 10
Joined: 2008-12-16 02:19

Re: Security: Password and rc4.key strategies

Post by oscar6263 »

Sorry, I'll try to be more descriptive.

I understand that passwords can be reset using a remote manager such as vnc manager, vncscan, smartcode, et al. My questions are a bit more theoretical.

First how often do you change your passwords and rc4.key files?

Second, I don't know if I fully understand the security of the rc4.key files. From my reading, it gives you data encryption similar to SSL. Some have said that a SSH Tunnel and use of the DSM plugin is a waste of time as it is duplicative. Is this correct?

Also, it would seem that distributing a key via the internet would expose it to potential hackers. Kind of like entering your pin at the atm with someone looking over you shoulder. Can new keys be safely distributed via the net?

Also, how are the new keys and passwords distributed with the winvnc running? I have tried this manually, and the rc4.key file is locked and cannot be renamed or deleted. I have to admit, I haven't tried simply overwriting it.
redge
1000
1000
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Security: Password and rc4.key strategies

Post by redge »

First how often do you change your passwords and rc4.key files?
every 3 months if password is from dictionnary, I had never change my rc4.key
you less need to change your password if password not from dictionnary like uZkBa!5-I since this password is unpossible to hack for long life.
but there easy software for decrypt vnc password, vncpwdump
Some have said that a SSH Tunnel and use of the DSM plugin is a waste of time as it is duplicative. Is this correct?
correct, only use SSH or SSL or uvnc with dsmplugin but but not both, both is for nothing except for paranoia maniac.

you can zip + encrypt + password the rc4.key and send the zipped file encrypted file over internet.


if rc4.key is in use, you can't delete or overwrite until the winvnc closed properly. reboot safe mode, then you can delete the looked file in case of failure of winvnc with dsmplugin crash or malfunction.
Last edited by redge on 2008-12-16 22:39, edited 1 time in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Post Reply