How good is Windows RDP's encryption?

Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)

The XP servers support encryption (except in French versions of XP) in the
Remote Desktop Protocl (RDP) and so do the clients -- at least, the one
from http://www.rdesktop.org/ , which is what I plan to use.

But how easy is it to crack? I need to be able to access friend's three
Windows desktops once in a while and can setup ssh-tunneling, or simply
configure his firewall device to forward 3 different ports on his public
IP-address to the port 3389 ("rdp") on his three different private IPs.

The second option is certainly simpler -- how dangerous is it? Is the
encryption of the protocol real or is it just some kind of obfuscation
easily openable by anyone, able to sniff a couple of hours worth of
traffic?

Thanks!

-mi
3 answers Last reply
More about good windows encryption
  1. Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)

    Its encrypted at 128-bits so using a *strong password* should be sufficient.

    With that said...personally I run RD through a SSH tunnel and use a public/private key with a strong
    passphrase verus password authentication.

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...


    "Mikhail Teterin" <usenet@aldan.algebra.com> wrote in message news:17962783.h5XVXZgWZW@misha...
    > The XP servers support encryption (except in French versions of XP) in the
    > Remote Desktop Protocl (RDP) and so do the clients -- at least, the one
    > from http://www.rdesktop.org/ , which is what I plan to use.
    >
    > But how easy is it to crack? I need to be able to access friend's three
    > Windows desktops once in a while and can setup ssh-tunneling, or simply
    > configure his firewall device to forward 3 different ports on his public
    > IP-address to the port 3389 ("rdp") on his three different private IPs.
    >
    > The second option is certainly simpler -- how dangerous is it? Is the
    > encryption of the protocol real or is it just some kind of obfuscation
    > easily openable by anyone, able to sniff a couple of hours worth of
    > traffic?
    >
    > Thanks!
    >
    > -mi
    >
    >
  2. Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)

    "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> writes:

    > Its encrypted at 128-bits so using a *strong password* should be
    > sufficient.
    >
    > With that said...personally I run RD through a SSH tunnel and use a
    > public/private key with a strong passphrase verus password
    > authentication.

    Just because something has been sprinkled with '128-bit encryption
    pixie dust' doesn't mean it's secure. Heck, WEP can use 104 bits and
    do you think anyone trusts it? :)

    It all depends on your level of paranoia.

    --
    David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
    Because the innovator has for enemies all those who have done well under
    the old conditions, and lukewarm defenders in those who may do well
    under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
  3. Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)

    Here is an old thread that may be of interest concerning this issue...

    http://groups-beta.google.com/group/microsoft.public.windowsxp.work_remotely/browse_thread/thread/edb4a7b364a869a9/f5e9adef25d5d6a7?q=encryption+group:*.work_remotely+author:Sooner+author:Al&rnum=21#f5e9adef25d5d6a7

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...


    "David Magda" <dmagda+trace050112@ee.ryerson.ca> wrote in message
    news:861x9x5e6h.fsf@number6.magda.ca...
    > "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> writes:
    >
    >> Its encrypted at 128-bits so using a *strong password* should be
    >> sufficient.
    >>
    >> With that said...personally I run RD through a SSH tunnel and use a
    >> public/private key with a strong passphrase verus password
    >> authentication.
    >
    > Just because something has been sprinkled with '128-bit encryption
    > pixie dust' doesn't mean it's secure. Heck, WEP can use 104 bits and
    > do you think anyone trusts it? :)
    >
    > It all depends on your level of paranoia.
    >
    > --
    > David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
    > Because the innovator has for enemies all those who have done well under
    > the old conditions, and lukewarm defenders in those who may do well
    > under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
Ask a new question

Read More

Encryption Microsoft Windows XP