better encryption for password file

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello everybody,

I use tightvnc on Unix (Linux), using the AFS file system for home director=
ies.
In that environment the tightvnc security turs out to be very poor for a nu=
mber
of reasons:

- by default, home directories are world readable on typical AFS setups,
  furthermore, using chmod on the passwd file (as it is done by vncpasswd)
  is ineffective as AFS only supports
  directory level protection, and with its own commands.  Unix-like chmod f=
lags
  are listed but ineffective

- the passwd file is encrypted with a reversible algorithm and with a fixed=
 key:
  therefore any reader of the password file can easily recover the password=
 used
  by other users

- one can AFS protect the .vnc directory with an explicit action.=20
However this has
  the unfortunate consequence that vnc server authentication will fail once
  the AFS token of the server environment expires.

I have modified tighvnc v1.3dev7 to encrypt the passwd file with BlowFish, =
with
a user selectable password.  These are the features of the modified tightvn=
c:

- the client remains unmodified, and the server is inter-operable with
non modified
  clients

- when "vncserver" (or Xvnc) is invoked, it asks for a user password to enc=
rypt
  the password file.  This password will have to be kept in the Xvnc execut=
able
  during its execution.

- the file .vnc/passwd.bfe is created and checked when clients autenticate,
  Xvnc decodes it with the user provided password.

WIth these modifications users can leave their passwd file unprotected, but
nobody can recover the passwords without knowing the Blowfish encryption
password. The only drawback is thet the encryption password is asked each t=
ime
the server is started, however in my personal use I much more invoke
clients than
servers.

Of course I can send the patch with the modifications, if there is any
interest, and I actually would like very much to get my patches into
the mainstream development.
What people think about it?

I could add options to make the new behaviour defalt (I have it so now) or =
make
it controllable by Xvnc command line options, in case it is desired.

Greetings,
--=20
Alberto