
Microsoft Documentation RDP password encryption?


Jeff Kazules

Aug 18, 2003, 7:12:49 PM8/18/03
Dear Microsoft,

I can find no documentation about the safety of the
password when remotely controlling a WinXP Pro pc, or a
W2K Server w/ terminal services remote admin mode.

I am told by colleagues that the password itself can be
picked up by a sniffer if someone has one running on the
Internet. They say that more preferable would be to have
a certificate like IPSEC does so that the password is
also encrypted, not just the session afterward.

Please clarify this issue for me, hopefully with some
official M$ documentation.

Sincerely,

Jeff Kazules
Computer & Communication Services, LLC

Bill Sanderson

Aug 18, 2003, 8:25:18 PM8/18/03
The entire session, including the password exchange, is encrypted.

Here's a quote from a word doc white paper available here:

http://www.microsoft.com/windows2000/techinfo/howitworks/terminal/rdpfandp.asp

I should point out that in XP, and in Windows 2000 at some later point which
I can't clearly define now, 128 bit encryption key is the default.
-----------------------------------------------------------------
Encryption
Without encrypting the display protocol, it is very easy to 'sniff' the wire
to discover users' passwords as they logon to the system. Allowing an
administrator to logon using a non-encrypted protocol exposes the entire
domain resources vulnerable to hackers, especially if connecting over a
public network without the use of a virtual private network. It is important
to note that protocols that use "scrambling" to protect data are just as
vulnerable to this sort of attack as protocols that send data using
clear-text.

Every version of RDP uses RSA Security's RC4 cipher, a stream cipher
designed to efficiently encrypt small amounts of varying size data. RC4 is
designed for secure communications over networks, and is also used in
protocols such as SSL, which encrypts traffic to and from secure Web sites.

In Windows 2000, administrators can choose to encrypt the data using a 56-
or 128-bit key. Encryption is bi-directional except when using the 'low'
security setting that only encrypts data from the client to the server
(which protects sensitive information such as passwords). The default
setting is "medium" which uses a 56-bit key to bi-directionally encrypt the
data. 128-bit encryption can be enabled after installing the Windows 2000
High Encryption Pack.

-----------------------------------------------------------------

"Jeff Kazules" <je...@callccs.com> wrote in message
news:072401c365de$3de3cbf0$a101...@phx.gbl...
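A practical way for an administrator to confirm what the reply above describes is to read the RDP-Tcp listener's settings directly. The script below is an added example and is not code from the thread or from Microsoft's white paper; the registry path and the value names MinEncryptionLevel, SecurityLayer and UserAuthentication are real Windows settings, while the pass/fail thresholds and the report layout are the example's own choices. SecurityLayer and UserAuthentication (Network Level Authentication) were introduced after this 2003 exchange and supersede the RC4-only protection the quoted paper describes, so a modern check reports on them as well.

```powershell
# Added example (not from the thread): report the RDP-Tcp listener's
# encryption and security-layer settings so an administrator can confirm
# that the credential exchange and the session are protected.
# Assumes a Windows host with Remote Desktop enabled and an elevated shell.

$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpEncryptionReport {
    param([string]$Path = $RdpTcpKey)

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # MinEncryptionLevel: 1 = Low (client-to-server only), 2 = Client Compatible,
    # 3 = High (128-bit in both directions), 4 = FIPS 140 compliant
    $encNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS' }
    # SecurityLayer: 0 = RDP Security Layer (RC4), 1 = Negotiate, 2 = TLS
    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'TLS' }

    # Thresholds below are this example's recommendation, not a Microsoft default.
    $findings = @()
    if ([int]$p.MinEncryptionLevel -lt 3) {
        $findings += "MinEncryptionLevel is $($p.MinEncryptionLevel); set it to 3 (High) or 4 (FIPS) so both directions use a 128-bit key"
    }
    if ([int]$p.SecurityLayer -lt 2) {
        $findings += "SecurityLayer is $($p.SecurityLayer); set it to 2 so TLS protects the whole exchange, including the logon"
    }
    if ([int]$p.UserAuthentication -ne 1) {
        $findings += "UserAuthentication is $($p.UserAuthentication); set it to 1 to require Network Level Authentication"
    }

    [pscustomobject]@{
        MinEncryptionLevel = $encNames[[int]$p.MinEncryptionLevel]
        SecurityLayer      = $layerNames[[int]$p.SecurityLayer]
        NLARequired        = ([int]$p.UserAuthentication -eq 1)
        Findings           = $findings
    }
}

$report = Get-RdpEncryptionReport
$report | Format-List

# To enforce the recommended settings (elevated shell; restart the
# Remote Desktop Services service or reboot afterwards):
# Set-ItemProperty -Path $RdpTcpKey -Name MinEncryptionLevel -Value 3
# Set-ItemProperty -Path $RdpTcpKey -Name SecurityLayer -Value 2
# Set-ItemProperty -Path $RdpTcpKey -Name UserAuthentication -Value 1
```

Run it as an administrator on the server being checked; an empty Findings list means every direction of the session, including the password exchange, is covered by 128-bit encryption under TLS with NLA required. The same values can also be read through the Win32_TSGeneralSetting WMI class, which is useful when auditing many hosts remotely.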
