[debian-edu-commits] debian-edu/pkg-team/ 148/159: nevermind, I found out about RDP crypto (better than rumours, but…):

Dominik George natureshadow-guest at moszumanska.debian.org
Tue Feb 23 10:04:35 UTC 2016 

This is an automated email from the git hooks/post-receive script.

natureshadow-guest pushed a commit to branch master
in repository xrdp.

commit c315819107c2bbfeb9c070901e6c8c7003eadce7
Author: mirabilos <tg at mirbsd.org>
Date:   Wed Sep 2 18:48:08 2015 +0200

    nevermind, I found out about RDP crypto (better than rumours, but…):
    
    • RDP native crypto is RC4 (but not vulnerable in the same way as HTTPS)
      with 128-bit keys (acceptable)
    • RDP native crypto can be MITM’d because there is absolutely no way
      to verify the server except by comparing the server cert at the
      client side (which nobody does)
    • RDP can use SSL crypto (which these files are for, tbd figure out
      where to put the chain), which is RDP5-style encryption
      ‣ TLSv1.0
      ‣ supported by rdesktop but it doesn’t check the certificate u_U
      ‣ can cause freerdp to crash
    
    Guacamole does its own protocol over HTTP/HTTPS and translates on
    the Guacamole server side. As long as the RDP server is running on
    the same host, this should be okay.
    cf. http://guac-dev.org/doc/gug/guacamole-architecture.html
    
    Other uses could be via SSH tunneling or some kind of VPN.
---
 README.Debian | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/README.Debian b/README.Debian
index b826420..472399a 100644
--- a/README.Debian
+++ b/README.Debian
@@ -6,9 +6,6 @@ Use at your own risk and inform your users that privacy is possibly not
 guaranteed as all users can attach to RDP users’ sessions locally.
 See also: https://github.com/neutrinolabs/xrdp/issues/264
 
-Furthermore, the package maintainers would like to know what the log
-messages about /etc/xrdp/cert.pem and /etc/xrdp/key.pem are good for.
-
 The pulseaudio plugin from sesman/chansrv/pulse should be installed
 but cannot be built due to lack of a pulseaudio-modules-dev package
 in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794692

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/xrdp.git

More information about the debian-edu-commits mailing list