TigerVNC / tigervnc

High performance, multi-platform VNC client and server
https://tigervnc.org
GNU General Public License v2.0

Implement security improvements in passwords & encryption #1828

Closed ituxmx closed 2 weeks ago

ituxmx commented 2 weeks ago

Currently TigerVNC has 2 main security issues related to passwords:

a) Password length is 8 characters; currently this is behind the industry standard (usually at least 15 characters password length). Do you think you can increase the size of the password to 15 or higher?

b) Password is stored not encrypted using secure algorithms and it is easy to crack. Maybe you can try to create a more secure way to store the passwords.

Thanks in advance for your help

CendioOssman commented 2 weeks ago

> a) Password length is 8 characters; currently this is behind the industry standard (usually at least 15 characters password length). Do you think you can increase the size of the password to 15 or higher?

I'm afraid that limitation is part of the protocol, so it's not something we can change without breaking compatibility with other VNC clients and servers. :/

If compatibility isn't as important, we already have the "Plain" authentication method which supports much longer passwords. It is currently limited to using system accounts, though.

> b) Password is stored not encrypted using secure algorithms and it is easy to crack. Maybe you can try to create a more secure way to store the passwords.

That is also something required by the protocol, unfortunately. Again, though, if you use "Plain" then the passwords are no longer required to be stored in a readable format.
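
The protocol limit discussed in this thread, as an added example that is not part of the thread and is not TigerVNC code: RFC 6143 section 7.2.2 forms the VNC Authentication key by truncating the password to eight characters or padding it with null bytes, so anything typed after the eighth character never reaches the key. The function names, the ASCII-only assumption and the sample passwords are constructed for illustration; the per-byte bit reversal reflects the behaviour of the common d3des-based implementations.

```python
from collections import defaultdict

KEY_LEN = 8  # DES key size in bytes, fixed by the VNC Authentication scheme


def reverse_bits(byte: int) -> int:
    """Mirror the 8 bits of one byte (bit 0 <-> bit 7, and so on)."""
    out = 0
    for _ in range(8):
        out = (out << 1) | (byte & 1)
        byte >>= 1
    return out


def vnc_auth_key(password: str) -> bytes:
    """Key bytes derived from `password`: truncate or null-pad to 8, then mirror bits.

    Assumption: ASCII passwords; other encodings are implementation specific.
    """
    raw = password.encode("ascii")[:KEY_LEN].ljust(KEY_LEN, b"\x00")
    return bytes(reverse_bits(b) for b in raw)


def ignored_suffix(password: str) -> str:
    """Characters that never reach the key and therefore add no strength."""
    return password[KEY_LEN:]


def colliding_passwords(passwords):
    """Group passwords that produce the same key, i.e. are interchangeable."""
    groups = defaultdict(list)
    for pw in passwords:
        groups[vnc_auth_key(pw)].append(pw)
    return [group for group in groups.values() if len(group) > 1]


if __name__ == "__main__":
    # Constructed sample: 15-character passwords that share an 8-character prefix.
    sample = ["Winter24-alpha1", "Winter24-bravo2", "Zq7!mR2x"]
    for pw in sample:
        print(pw, vnc_auth_key(pw).hex(), "ignored:", repr(ignored_suffix(pw)))
    print("interchangeable:", colliding_passwords(sample))
```

A password policy that enforces 15 characters therefore adds nothing for this authentication method; the longer secret only matters with a security type that carries it in full, such as the "Plain" method mentioned above.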