SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

adzm
Posts: 63
Joined: 2009-04-29 18:59


Post by adzm

SecureVNC DSM Plugin
Simple, effective, secure VNC sessions
For 32-bit Windows and x64 Windows
Based on OpenSSL 0.9.8k using ARC4 or AES for 128-bit symmetric encryption and RSA for 2048-bit public key encryption

No pre-shared key or password required!

http://adamwalling.com/SecureVNC

--
(Cross-posted from the DSM Bug Reports & General Help forum, since it seems to make more sense here)
--

After fixing the existing incarnations of the encryption plugins, and creating a threadsafe implementation for multiple viewers, I became fed up with all the existing limitations and decided to start from scratch and throw a new plugin into the mix. Hopefully you will see why.

The SecureVNC DSM plugin is a bit different from the other existing ones.

Installation and setup:
Download the SecureVNCPlugin.dsm and ensure your viewer and server applications are set to use it.

That is all!

--

Optionally, you can generate a key on the server. Otherwise, a new key will be generated for each connection. The pre-generated key is only used on the server! If you create a pre-generated key, do not share it!

The great advantage here is that it is very user friendly. You do not need to do anything other than use the plugin. You can connect from any other computer simply by using the plugin, without requiring a pre-shared key. Passwords can be used just like normal, unencrypted VNC authentication.

--

Basically, the server has a 2048-bit key for the RSA cipher. It sends the public key to the viewer. The viewer then generates the 128-bit symmetric key for the ARC4/AES stream cipher.

The viewer encrypts the symmetric key and sends it back to the server, which then decrypts it using its internal private key.

All further communication is then encrypted using this symmetric key.

ARC4 is significantly faster than AES, and when properly implemented is effectively just as secure. The current version drops the initial 3072 bytes of the ARC4 keystream to avoid known biases. SHA1 is used as the internal hashing algorithm.

Like all negotiations between two parties, it is susceptible to a man-in-the-middle attack. The only way to avoid this is to involve a trusted third party. However, that is overkill for most purposes, I believe; this can only be exploited if a malicious party is able to both view AND modify the communication between the two parties.

I personally consider this release ready to go, except for the (still) untested 64-bit version. (I do not actually have a 64-bit computer, so the 64-bit version is entirely untested! If you use the 64-bit version, please let me know how it works!)

http://adamwalling.com/SecureVNC

Download ARC4 (faster) version (for all viewers and most servers):
(direct link -- x86 / win32)
http://adamwalling.com/SecureVNC/SecureVNCPlugin.dsm

(direct link -- x64)
http://adamwalling.com/SecureVNC/SecureVNCPlugin64.dsm


Download AES (slower) version (for servers only! viewers should use the above. Although both will work.):
Only the server needs the AES-version of the plugin! The SecureVNC plugin is capable of both ARC4 and AES encryption; the only difference in the AES versions is which ciphers the server accepts, so the viewer can use either one. Eventually I will update things to use some sort of configuration setting, but for now I just have two separate ones in case people want to use AES instead of ARC4. They are all compatible with each other; however, you will only get AES encryption if the AES plugin is on the server. Otherwise, ARC4 will be used instead.

(direct link -- x86 / win32)
http://adamwalling.com/SecureVNC/SecureVNCPluginAES.dsm

(direct link -- x64)
http://adamwalling.com/SecureVNC/Secure ... n64AES.dsm
Last edited by adzm on 2009-08-16 19:38, edited 1 time in total.
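
The symmetric half of the scheme described in the post above, as an added example that is not the plugin's code or the author's: a pure-Python ARC4 that discards the first 3072 keystream bytes before any data is processed. The class and function names, the sample messages and the use of one running cipher state per side are assumptions made for illustration; the RSA transport of the 128-bit key is left out.

```python
import secrets

DROP_BYTES = 3072  # keystream bytes discarded, the figure given in the post


class RC4Drop:
    """RC4 keystream generator that discards its first `drop` output bytes."""

    def __init__(self, key: bytes, drop: int = DROP_BYTES):
        if not 1 <= len(key) <= 256:
            raise ValueError("RC4 key must be 1..256 bytes")
        # Key-scheduling algorithm (KSA): permute S under control of the key.
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self._s, self._i, self._j = s, 0, 0
        self.keystream(drop)  # throw away the early keystream

    def keystream(self, n: int) -> bytes:
        """Return the next n keystream bytes (PRGA), advancing the state."""
        s, i, j = self._s, self._i, self._j
        out = bytearray()
        for _ in range(n):
            i = (i + 1) & 0xFF
            j = (j + s[i]) & 0xFF
            s[i], s[j] = s[j], s[i]
            out.append(s[(s[i] + s[j]) & 0xFF])
        self._i, self._j = i, j
        return bytes(out)

    def process(self, data: bytes) -> bytes:
        """XOR data with the keystream; encryption and decryption are the same."""
        return bytes(a ^ b for a, b in zip(data, self.keystream(len(data))))


def demo_session() -> bool:
    """Viewer and server share one 128-bit key and exchange two messages."""
    session_key = secrets.token_bytes(16)  # constructed stand-in for the viewer's key
    viewer, server = RC4Drop(session_key), RC4Drop(session_key)
    messages = [b"RFB 003.008\n", b"constructed framebuffer update"]
    # The state keeps running between messages, so both ends must process them in order.
    return all(server.process(viewer.process(m)) == m for m in messages)


if __name__ == "__main__":
    print("round trip ok:", demo_session())
```

With `drop=0` the class is plain RC4, which lets it be checked against published RC4 test vectors before the discard is switched on.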