[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Bug 1809252] Re: Password authentication in FIPS-compliant
[Qemu-devel] [Bug 1809252] Re: Password authentication in FIPS-compliant mode
Thu, 20 Dec 2018 14:47:55 -0000
The VNC password authentication scheme is not extensible. It is
unfixably broken by design.
QEMU provides the SASL authentication scheme for VNC which allows for
strong authentication, when combined with the VeNCrypt authentication
scheme that uses TLS.
These extensions are supported by the gtk-vnc client used by remote-
viewer, virt-viewer, virt-manager, GNOME Boxes and more. Other VNC
clients are also known to implement VeNCrypt, though SASL support is
less wide spread.
>From a QEMU POV, there's nothing more we need todo really - any
remaining gaps are client side.
** Changed in: qemu
Status: New => Invalid
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
Password authentication in FIPS-compliant mode
Status in QEMU:
The documentation states, that:
"The VNC protocol has limited support for password based
authentication. (...) Password authentication is not supported when
operating in FIPS 140-2 compliance mode as it requires the use of the
Would it be possible for qemu to use a different cipher and re-enable
password as an option in VNC console? Is there a technical reason for
not using a stronger cipher?
To manage notifications about this bug go to: