Re: VNC authentication weakness

>>>>> "JL" == Jack Lloyd <lloyd@acm.jhu.edu> writes:

JL> While looking at this, I noticed (in 3.3.3r2) that VNC seems to
JL> use the password directly as a key to DES (truncating if the size
JL> is > 8 and padding with NULL if it's < 8). Since DES ignores the
JL> low bit of each byte of the key, this seems to mean that there are
JL> many different passwords which will be accepted in place of the
JL> "real" password. (Can someone confirm this is actually the case?)

No, this is not the case. VNC uses a modified DES library which ignores
the most significant bit in each byte, not the least significant. That
is, 7-bit ASCII characters cannot be confused with each other.

-- 
With Best Wishes,
Constantin
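
The point argued in this exchange, as an added example that is not part of the original message and is not VNC's own code: it models which key bits reach the cipher under standard DES (low bit of each byte ignored) and under the modified library described above (high bit ignored), without running DES itself. Function names and sample passwords are constructed for illustration.

```python
KEY_LEN = 8  # DES key length in bytes

def pad_password(password: bytes) -> bytes:
    """Truncate to 8 bytes or pad with NUL bytes, as described in the thread."""
    return password[:KEY_LEN].ljust(KEY_LEN, b"\x00")

def effective_key(password: bytes, ignored_mask: int) -> bytes:
    """Return the key bytes with the cipher-ignored bit of each byte cleared."""
    keep = 0xFF & ~ignored_mask
    return bytes(b & keep for b in pad_password(password))

def std_des_effective_key(password: bytes) -> bytes:
    # Standard DES: the least significant bit of each key byte is ignored.
    return effective_key(password, 0x01)

def vnc_effective_key(password: bytes) -> bytes:
    # Modified library per the reply: the most significant bit is ignored.
    return effective_key(password, 0x80)

def equivalent(a: bytes, b: bytes, key_fn) -> bool:
    """True if both passwords yield the same effective 56-bit key."""
    return key_fn(a) == key_fn(b)

def lossy_reasons(password: bytes) -> list:
    """Why a password carries less entropy than typed, under the VNC model."""
    reasons = []
    if len(password) > KEY_LEN:
        reasons.append("truncated to 8 bytes")
    if any(b & 0x80 for b in password[:KEY_LEN]):
        reasons.append("high bit dropped from non-ASCII byte")
    return reasons

if __name__ == "__main__":
    # Constructed sample pairs: (password A, password B)
    pairs = [
        (b"secreta", b"secret`"),      # differ only in the low bit (0x61 vs 0x60)
        (b"caf\xe9", b"cafi"),         # differ only in the high bit (0xE9 vs 0x69)
        (b"password1", b"password2"),  # differ only past the eighth byte
    ]
    for a, b in pairs:
        print(a, b,
              "std-DES equal:", equivalent(a, b, std_des_effective_key),
              "VNC equal:", equivalent(a, b, vnc_effective_key))
    print(lossy_reasons(b"caf\xe9-longer-than-8"))
```

Under the high-bit model, 7-bit ASCII passwords of eight characters or fewer stay distinct; collisions remain only for bytes above 0x7F and for anything past the eighth byte.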

