[26347] in bugtraq
Re: VNC authentication weakness
daemon@ATHENA.MIT.EDU (Constantin Kaplinsky)
Fri Jul 26 11:47:24 2002
To: Jack Lloyd <lloyd@acm.jhu.edu>
Cc: <jepler@unpythonic.net>, <bugtraq@securityfocus.com>
From: Constantin Kaplinsky <const@ce.cctpu.edu.ru>
In-Reply-To: <Pine.LNX.4.33L2.0207241626100.21949-100000@centaur.acm.jhu.edu>
Message-ID: <m3sn27jhrt.fsf@localhost.localdomain>
Date: 26 Jul 2002 10:29:21 +0700
>>>>> "JL" == Jack Lloyd <lloyd@acm.jhu.edu> writes:
JL> While looking at this, I noticed (in 3.3.3r2) that VNC seems to
JL> use the password directly as a key to DES (truncating if the size
JL> is > 8 and padding with NULL if it's < 8). Since DES ignores the
JL> low bit of each byte of the key, this seems to mean that there are
JL> many different passwords which will be accepted in place of the
JL> "real" password. (Can someone confirm this is actually the case?)
No, this is not the case. VNC uses a modified DES library which ignores
the most significant bit in each byte, not the least significant. That
is, 7-bit ASCII characters cannot be confused with each other.
--
With Best Wishes,
Constantin
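
The distinction drawn in the reply above, as an added example that is not part of the original message or of VNC's code: it models only which key bits are discarded, using the 8-byte truncation and NUL padding described in the quoted text. The function names and the sample password are constructed for illustration.

```python
# Added illustration: models which key bits reach the cipher, not DES itself.
KEY_LEN = 8          # longer passwords are truncated, shorter ones NUL-padded

LSB_IGNORED = 0x01   # standard DES: the low bit of each key byte is unused
MSB_IGNORED = 0x80   # VNC's modified DES library, as stated in the reply


def des_key_bytes(password: bytes) -> bytes:
    """Truncate to 8 bytes or pad with NUL, as described in the thread."""
    return password[:KEY_LEN].ljust(KEY_LEN, b"\x00")


def effective_key(password: bytes, ignored_bit: int) -> bytes:
    """Key material that actually influences encryption."""
    keep = 0xFF ^ ignored_bit
    return bytes(b & keep for b in des_key_bytes(password))


def equivalent(a: bytes, b: bytes, ignored_bit: int) -> bool:
    """True if both passwords produce the same effective key."""
    return effective_key(a, ignored_bit) == effective_key(b, ignored_bit)


def seven_bit_aliases(password: bytes, ignored_bit: int) -> int:
    """Count OTHER 8-byte strings of 7-bit characters with the same key."""
    keep = 0xFF ^ ignored_bit
    key = des_key_bytes(password)
    total = 1
    for b in key:
        total *= sum(1 for c in range(128) if c & keep == b & keep)
    # Exclude the password itself when it is a 7-bit string.
    return total - (1 if all(b < 128 for b in key) else 0)


if __name__ == "__main__":
    pw = b"secret12"                       # constructed sample password
    low_flip = bytes(b ^ 0x01 for b in pw)   # differs only in low bits
    high_set = bytes(b | 0x80 for b in pw)   # differs only in high bits
    for name, bit in (("LSB ignored", LSB_IGNORED),
                      ("MSB ignored", MSB_IGNORED)):
        print(name,
              "| low-bit variant accepted:", equivalent(pw, low_flip, bit),
              "| high-bit variant accepted:", equivalent(pw, high_set, bit),
              "| 7-bit aliases:", seven_bit_aliases(pw, bit))
```

With the most significant bit ignored, the only colliding inputs contain bytes outside 7-bit ASCII, while the truncation to 8 bytes applies under either convention.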