FESCO request to revert password confirmation change in F22

Miloslav Trma─Ź mitr at redhat.com
Sat Mar 7 02:57:31 UTC 2015

> I have no
> clue why VNC passwords are limited/truncated to eight characters, but it
> seems like that limitation makes the protocol not worth supporting at
> all, let alone worth promoting in System Settings.

The only VNC authentication mechanism standardized in RFC 6143 uses the password as a DES key, which limits it to 8 (7-bit) bytes.

The VNC protocol can, however, support several different kinds of authentication, and several have been defined as vendor extensions.  See e.g. http://sourceforge.net/p/tigervnc/code/HEAD/tree/rfbproto/rfbproto.rst#security-types .

Restricting to non-standard authentication types, would, of course, impact interoperability.

More information about the devel mailing list