Yes, even RealVNC's client does that when only the standard auth is possible. Many VNC clients and sometimes even servers allow you to enter a longer password, but as long as they're connecting to a the standard auth implementation, they'll actually truncate your password to 8 characters during operation.
If the password is shorter than 8 characters, it's just padded with zeroes. However, since ASCII only uses 7 bits, you give an 8 ASCII character key instead, and the unused 8th bit of every byte is simply discarded. Since the user password is used as the DES key, and DES key size is limited to 56 bits (plus 8 parity bits), your key can only be up to 7 8-byte characters long. Having had to implement VNC authentication a while back, I can assure you that it is not agnostic, and you have inadvertently revealed the reason for that in your own post.
0 kommentar(er)
