How good is Windows RDP's encryption?
Last response: in Windows XP
Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)
The XP servers support encryption (except in French versions of XP) in the
Remote Desktop Protocl (RDP) and so do the clients -- at least, the one
from http://www.rdesktop.org/ , which is what I plan to use.
But how easy is it to crack? I need to be able to access friend's three
Windows desktops once in a while and can setup ssh-tunneling, or simply
configure his firewall device to forward 3 different ports on his public
IP-address to the port 3389 ("rdp") on his three different private IPs.
The second option is certainly simpler -- how dangerous is it? Is the
encryption of the protocol real or is it just some kind of obfuscation
easily openable by anyone, able to sniff a couple of hours worth of
traffic?
Thanks!
-mi
The XP servers support encryption (except in French versions of XP) in the
Remote Desktop Protocl (RDP) and so do the clients -- at least, the one
from http://www.rdesktop.org/ , which is what I plan to use.
But how easy is it to crack? I need to be able to access friend's three
Windows desktops once in a while and can setup ssh-tunneling, or simply
configure his firewall device to forward 3 different ports on his public
IP-address to the port 3389 ("rdp") on his three different private IPs.
The second option is certainly simpler -- how dangerous is it? Is the
encryption of the protocol real or is it just some kind of obfuscation
easily openable by anyone, able to sniff a couple of hours worth of
traffic?
Thanks!
-mi
More about : good windows rdp encryption
Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)
Its encrypted at 128-bits so using a *strong password* should be sufficient.
With that said...personally I run RD through a SSH tunnel and use a public/private key with a strong
passphrase verus password authentication.
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"Mikhail Teterin" <usenet@aldan.algebra.com> wrote in message news:17962783.h5XVXZgWZW@misha...
> The XP servers support encryption (except in French versions of XP) in the
> Remote Desktop Protocl (RDP) and so do the clients -- at least, the one
> from http://www.rdesktop.org/ , which is what I plan to use.
>
> But how easy is it to crack? I need to be able to access friend's three
> Windows desktops once in a while and can setup ssh-tunneling, or simply
> configure his firewall device to forward 3 different ports on his public
> IP-address to the port 3389 ("rdp") on his three different private IPs.
>
> The second option is certainly simpler -- how dangerous is it? Is the
> encryption of the protocol real or is it just some kind of obfuscation
> easily openable by anyone, able to sniff a couple of hours worth of
> traffic?
>
> Thanks!
>
> -mi
>
>
Its encrypted at 128-bits so using a *strong password* should be sufficient.
With that said...personally I run RD through a SSH tunnel and use a public/private key with a strong
passphrase verus password authentication.
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"Mikhail Teterin" <usenet@aldan.algebra.com> wrote in message news:17962783.h5XVXZgWZW@misha...
> The XP servers support encryption (except in French versions of XP) in the
> Remote Desktop Protocl (RDP) and so do the clients -- at least, the one
> from http://www.rdesktop.org/ , which is what I plan to use.
>
> But how easy is it to crack? I need to be able to access friend's three
> Windows desktops once in a while and can setup ssh-tunneling, or simply
> configure his firewall device to forward 3 different ports on his public
> IP-address to the port 3389 ("rdp") on his three different private IPs.
>
> The second option is certainly simpler -- how dangerous is it? Is the
> encryption of the protocol real or is it just some kind of obfuscation
> easily openable by anyone, able to sniff a couple of hours worth of
> traffic?
>
> Thanks!
>
> -mi
>
>
Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)
"Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> writes:
> Its encrypted at 128-bits so using a *strong password* should be
> sufficient.
>
> With that said...personally I run RD through a SSH tunnel and use a
> public/private key with a strong passphrase verus password
> authentication.
Just because something has been sprinkled with '128-bit encryption
pixie dust' doesn't mean it's secure. Heck, WEP can use 104 bits and
do you think anyone trusts it?![:)]( ":)")
It all depends on your level of paranoia.
--
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
"Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> writes:
> Its encrypted at 128-bits so using a *strong password* should be
> sufficient.
>
> With that said...personally I run RD through a SSH tunnel and use a
> public/private key with a strong passphrase verus password
> authentication.
Just because something has been sprinkled with '128-bit encryption
pixie dust' doesn't mean it's secure. Heck, WEP can use 104 bits and
do you think anyone trusts it?
It all depends on your level of paranoia.
--
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)
Here is an old thread that may be of interest concerning this issue...
http://groups-beta.google.com/group/microsoft.public.wi...:*.work_remotely+author:Sooner+author:Al&rnum=21#f5e9adef25d5d6a7
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"David Magda" <dmagda+trace050112@ee.ryerson.ca> wrote in message
news:861x9x5e6h.fsf@number6.magda.ca...
> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> writes:
>
>> Its encrypted at 128-bits so using a *strong password* should be
>> sufficient.
>>
>> With that said...personally I run RD through a SSH tunnel and use a
>> public/private key with a strong passphrase verus password
>> authentication.
>
> Just because something has been sprinkled with '128-bit encryption
> pixie dust' doesn't mean it's secure. Heck, WEP can use 104 bits and
> do you think anyone trusts it?![:)]( ":)")
>
> It all depends on your level of paranoia.
>
> --
> David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
> Because the innovator has for enemies all those who have done well under
> the old conditions, and lukewarm defenders in those who may do well
> under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
Here is an old thread that may be of interest concerning this issue...
http://groups-beta.google.com/group/microsoft.public.wi...:*.work_remotely+author:Sooner+author:Al&rnum=21#f5e9adef25d5d6a7
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"David Magda" <dmagda+trace050112@ee.ryerson.ca> wrote in message
news:861x9x5e6h.fsf@number6.magda.ca...
> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> writes:
>
>> Its encrypted at 128-bits so using a *strong password* should be
>> sufficient.
>>
>> With that said...personally I run RD through a SSH tunnel and use a
>> public/private key with a strong passphrase verus password
>> authentication.
>
> Just because something has been sprinkled with '128-bit encryption
> pixie dust' doesn't mean it's secure. Heck, WEP can use 104 bits and
> do you think anyone trusts it?
>
> It all depends on your level of paranoia.
>
> --
> David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
> Because the innovator has for enemies all those who have done well under
> the old conditions, and lukewarm defenders in those who may do well
> under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
Related ressources:
- ForumWindows XP RDP encryption ?
- ForumHow do I remove the RDP window title bar or tab
- ForumHow to set up RDP from XP to Ubuntu VirtualBox?
- ForumHow to fix Dell N5010 overheating problem?
- ForumRDP Session Cancelling Streaming Video and Second Screen
- ForumEnabling file sharing from a Windows 7 to Windows XP/Vista Machines
- ForumEncryption with bitlocker question
- ForumRDP using RPC over HTTP
- ForumHow to check if rdp is enabled in windows 2000
- ForumShould I upgrade to Windows 8?
- ForumFailed to RDP into Home PC (Comcast)
- ForumTruecrypt full disc encryption
- ForumEnabling file sharing from a Windows 7 to Windows XP/Vista Machines
- ForumR & R RDP in WinXPPro
- ForumRDP versus ICA
- ForumRDP now timing out 1 way, not the other. Debuggable?
- ForumWindows 7 connects to VPN but cannot RDP when connected via a data card
- ForumHELP!!! Please with Windows XP
- Forum"how do i register windows manuially can someone help
- ForumHow is my port 3389 being blocked?
- More resources
Read discussions in other Windows XP categories
!
