Ultr@VNC includes a basic Data Stream Modification (DSM) plugin mechanism. It has been designed with the aim of being fast and efficient, minimizing the data and CPU overhead of transforming the data. It allows anyone to write an external DLL that can be loaded by both Ultr@VNC Viewer and Ultr@VNC Server. This DLL then has access to all the transmitted data packets and can consequently alter, modify, record, or encrypt the VNC data stream during a connection.
The DSM Plugin system is a "tunnel" for the VNC connection:
In the above example, the input "ABCDE" is encapsulated in the RFB protocol, and then sent out over the internet. Notice the text is still visible inside the RFB protocol packet. The server on the other end translates the text back to "ABCDE". In the DSM example, the text AND the RFB protocol wrapper are transformed by the plugin. The text and the RFB protocol wrapper are not visible on the internet. The server transforms the packet back to plain-text, then translates it back to "ABCDE".
The MSRC4 Plugin
The MSRC4 plugin uses the Microsoft Crypto API to encrypt the data stream using RC4 stream encryption. This is the same encryption method used by SSL. RC4 encryption is secure but processor light, making it well suited to streaming data. The clear text and the encrypted text take up the same amount of space, making it simpler to code.
Unlike SSL, the keys are generated once and then "pre-shared" onto the clients and servers that will use the encryption plugin. UltraVNC does not have a method for dynamically creating keys, and the DSM architecture was built in such a way that it is not possible for the plugins to dynamically negotiate the keys.
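The points above (the whole RFB packet is transformed, clear text and encrypted text are the same size, and both ends load the same pre-shared key) as a short added example. This is not UltraVNC or plugin code: the names Rc4Stream and demo are hypothetical, a pure-Python RC4 stands in for the Microsoft Crypto API, and the key and packets are constructed sample data.

```python
# Added illustration, not UltraVNC or plugin code. Rc4Stream and demo are
# hypothetical names; pure-Python RC4 stands in for the Microsoft Crypto API.

class Rc4Stream:
    """RC4 keystream whose state carries over between calls, as a stream
    cipher running over one long-lived connection requires."""

    def __init__(self, key: bytes):
        s, j = list(range(256)), 0
        for i in range(256):  # key scheduling
            j = (j + s[i] + key[i % len(key)]) % 256
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def xor(self, data: bytes) -> bytes:
        """Encrypt or decrypt: RC4 is the same XOR in both directions."""
        s, out = self.s, bytearray()
        for b in data:  # one keystream byte per data byte
            self.i = (self.i + 1) % 256
            self.j = (self.j + s[self.i]) % 256
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) % 256])
        return bytes(out)


def demo():
    # Constructed sample data: a 128-bit pre-shared key and two viewer writes
    # (an RFB version banner, then the text "ABCDE" used earlier on the page).
    key = bytes.fromhex("00112233445566778899aabbccddeeff")
    packets = [b"RFB 003.008\n", b"ABCDE"]

    viewer, server = Rc4Stream(key), Rc4Stream(key)  # both loaded the same key
    wire = [viewer.xor(p) for p in packets]          # what crosses the internet
    restored = [server.xor(w) for w in wire]         # server side, same order

    # In this sketch a server holding a different key gets bytes back, not an
    # error: nothing in the raw RC4 stream signals the mismatch.
    mismatched = Rc4Stream(b"some-other-key").xor(b"".join(wire))
    return packets, wire, restored, mismatched


if __name__ == "__main__":
    packets, wire, restored, mismatched = demo()
    for p, w in zip(packets, wire):
        print(len(p), len(w), w.hex())
    print(restored, mismatched)
```

Because the keystream state is continuous, the receiving side must restore the bytes in the order they were sent; how the writes are split into chunks does not matter.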
The plugin is supported on Windows 95 through Windows 2003 Server. Key sizes supported are 40-bit, 56-bit, or 128-bit. (The key size is limited to 40 bits on some versions of Windows. With the "High Encryption Pack" installed, 95osr2 and 98/98SE support keys of up to 128 bits.)
The encryption method, key, and key length are stored in the key file generated by the plugin. Keeping your key files secure keeps your encryption secure. Changing your keys often is as prudent as changing your passwords often.
Currently there are two versions of the MSRC4 plugin. The first version stores its configuration information in the Windows registry. The other version does not use the registry, but uses a combination of "default paths" and environment variables to locate the key file.
The "NoReg" version is msrc4plugin_noreg.dsm