In the SRC/InstantSupport_File/instatnsupport.ini there is a second password:
passwd2=BEB49784199CB48172
This never changes. Is it a 'backdoor' password of some sort?
I removed it and it all seems to still work, just worries me that it was there.
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Security Question
Re: Security Question
It's the view only password for UltraVNC, nothing to worry about.
EDIT:
Which I've simply set to random keys I hit on the keyboard.
I didn't realize this could be left blank, maybe that will be a better option.
EDIT:
Which I've simply set to random keys I hit on the keyboard.
I didn't realize this could be left blank, maybe that will be a better option.
Last edited by supercoe on 2010-11-30 14:37, edited 1 time in total.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
Re: Security Question
not related with the first question but related to the topic name.
What encryption are use by default 3.2 version? AES CFB 256bits?
How is used the SecureVNCPlugin.dsm? there's no Viewer_ClientAuth.pkey or Server_ClientAuth.pubkey used in chunkVNC 3.2?
What encryption are use by default 3.2 version? AES CFB 256bits?
How is used the SecureVNCPlugin.dsm? there's no Viewer_ClientAuth.pkey or Server_ClientAuth.pubkey used in chunkVNC 3.2?
Last edited by Yod4z on 2010-12-21 15:39, edited 1 time in total.
Re: Security Question
the default settings of SecureVNC
Default configuration uses 2048-bit RSA keys and 256-bit AES keys.
Default configuration uses 2048-bit RSA keys and 256-bit AES keys.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Re: Security Question
then it use OFB in place of CFB 
, less secure
but there's no key with the instantsupport to crypte the connexion
, less securebut there's no key with the instantsupport to crypte the connexion
Last edited by Yod4z on 2010-12-22 09:49, edited 1 time in total.
Re: Security Question
Yod4z,
Currently SecureVNC is setup to use the set VNC password which uses the encryption redge states.
You seem to know a lot about encryption, which way would you suggest as being the most secure? Should I be using the generated keys?
The way I see it:
Security is like locking the doors of your car, it'll keep honest people honest but anyone can just bust the window.
Currently SecureVNC is setup to use the set VNC password which uses the encryption redge states.
You seem to know a lot about encryption, which way would you suggest as being the most secure? Should I be using the generated keys?
The way I see it:
Security is like locking the doors of your car, it'll keep honest people honest but anyone can just bust the window.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
Re: Security Question
the problem are the restriction from the operator that want me to use AES CFB 128bits minimal encryption because of security risk.
I try to configure the plugin option in ultravnc.ini directly and see what it do.
I see the dev of this plugin have in mind to the next version to set CFB as default encryption.
The plugin encrypt the connexion or only the password?
I try to configure the plugin option in ultravnc.ini directly and see what it do.
I see the dev of this plugin have in mind to the next version to set CFB as default encryption.
The plugin encrypt the connexion or only the password?
Last edited by Yod4z on 2010-12-22 15:36, edited 1 time in total.
Re: Security Question
Try this:
Edit SRC\InstantSupport_Files\ultravnc.ini
Change:
For 128bit AES-CFB
For 256bit AES-CFB
The SecureVNC plugin encrypts the connection only at this point, it will encrypt the password in the future.
Edit SRC\InstantSupport_Files\ultravnc.ini
Change:
For 128bit AES-CFB
Code: Select all
DSMPluginConfig=SecureVNC;0;0x00101020;Code: Select all
DSMPluginConfig=SecureVNC;0;0x00104020;The SecureVNC plugin encrypts the connection only at this point, it will encrypt the password in the future.
Last edited by supercoe on 2010-12-22 16:03, edited 1 time in total.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
Re: Security Question
that's what i use in my modified chunkVNC 3.1 
and it work great
and it work great