How good is Windows RDP's encryption?

[Guest]

Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)

The XP servers support encryption (except in French versions of XP) in the
Remote Desktop Protocl (RDP) and so do the clients -- at least, the one
from http://www.rdesktop.org/ , which is what I plan to use.

But how easy is it to crack? I need to be able to access friend's three
Windows desktops once in a while and can setup ssh-tunneling, or simply
configure his firewall device to forward 3 different ports on his public
IP-address to the port 3389 ("rdp") on his three different private IPs.

The second option is certainly simpler -- how dangerous is it? Is the
encryption of the protocol real or is it just some kind of obfuscation
easily openable by anyone, able to sniff a couple of hours worth of
traffic?

Thanks!

-mi

 

[Guest]

Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)

Its encrypted at 128-bits so using a *strong password* should be sufficient.

With that said...personally I run RD through a SSH tunnel and use a public/private key with a strong
passphrase verus password authentication.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...


"Mikhail Teterin" <usenet@aldan.algebra.com> wrote in message news:17962783.h5XVXZgWZW@misha...
> The XP servers support encryption (except in French versions of XP) in the
> Remote Desktop Protocl (RDP) and so do the clients -- at least, the one
> from http://www.rdesktop.org/ , which is what I plan to use.
>
> But how easy is it to crack? I need to be able to access friend's three
> Windows desktops once in a while and can setup ssh-tunneling, or simply
> configure his firewall device to forward 3 different ports on his public
> IP-address to the port 3389 ("rdp") on his three different private IPs.
>
> The second option is certainly simpler -- how dangerous is it? Is the
> encryption of the protocol real or is it just some kind of obfuscation
> easily openable by anyone, able to sniff a couple of hours worth of
> traffic?
>
> Thanks!
>
> -mi
>
>

 

[Guest]

Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)

"Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> writes:

> Its encrypted at 128-bits so using a *strong password* should be
> sufficient.
>
> With that said...personally I run RD through a SSH tunnel and use a
> public/private key with a strong passphrase verus password
> authentication.

Just because something has been sprinkled with '128-bit encryption
pixie dust' doesn't mean it's secure. Heck, WEP can use 104 bits and
do you think anyone trusts it?

It all depends on your level of paranoia.

--
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI

 

[Guest]

Archived from groups: comp.security.ssh,microsoft.public.nl.windowsxp.remote,microsoft.public.windowsxp.work_remotely (More info?)

Here is an old thread that may be of interest concerning this issue...

http://groups-beta.google.com/group/microsoft.public.windowsxp.work_remotely/browse_thread/thread/edb4a7b364a869a9/f5e9adef25d5d6a7?q=encryption+group:*.work_remotely+author:Sooner+author:Al&rnum=21#f5e9adef25d5d6a7

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...


"David Magda" <dmagda+trace050112@ee.ryerson.ca> wrote in message
news:861x9x5e6h.fsf@number6.magda.ca...
> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> writes:
>
>> Its encrypted at 128-bits so using a *strong password* should be
>> sufficient.
>>
>> With that said...personally I run RD through a SSH tunnel and use a
>> public/private key with a strong passphrase verus password
>> authentication.
>
> Just because something has been sprinkled with '128-bit encryption
> pixie dust' doesn't mean it's secure. Heck, WEP can use 104 bits and
> do you think anyone trusts it?
>
> It all depends on your level of paranoia.
>
> --
> David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
> Because the innovator has for enemies all those who have done well under
> the old conditions, and lukewarm defenders in those who may do well
> under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI