Encrypt network data in Remote Desktop
Remote Desktop clients can be authenticated using one of two methods:
The more secure method uses 2048-bit RSA host keys with the Secure Remote Password (SRP) protocol for authentication. If network nodes are used, Remote Desktop encrypts the name and password with the RSA key instead of using SRP.
The older, less secure method (used with older versions of OS X) uses the Diffie-Hellman key agreement protocol with a 512-bit prime.
All Remote Desktop tasks—except Share Screen, and the copying of data and files using Copy Items and Install Packages—are encrypted for transit. This information is encrypted using AES with a 128-bit shared key that was derived during authentication.
When using Copy Items or Install Packages, encryption isn’t enabled by default. You need to enable it for each Copy task, or globally in Remote Desktop preferences. Even installer package files can be intercepted if they’re not encrypted. Alternatively, you could encrypt the file archive before copying it.
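The alternative mentioned above, encrypting the archive yourself before copying it, can be done from the shell. This is an added example, not part of the original page or of Remote Desktop; the function names, file names and iteration count are assumptions, and it assumes an openssl whose enc command supports -pbkdf2 (OpenSSL 1.1.1 or later).

```shell
#!/bin/sh
# Added example (hypothetical helper names): protect a folder before sending
# it with an unencrypted Copy Items task, then unpack it on the receiving Mac.
# The passphrase file is delivered to the recipient by a separate channel.

ITER=200000   # PBKDF2 iteration count, an assumed value

# seal_archive SRC_DIR OUT_FILE PASS_FILE
# Tars and gzips SRC_DIR, then encrypts the stream with AES-256-CBC using a
# key derived from the first line of PASS_FILE.
seal_archive() {
    src=$1; out=$2; passfile=$3
    tar -czf - -C "$(dirname "$src")" "$(basename "$src")" |
        openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
            -pass "file:$passfile" -out "$out" || return 1
    # SHA-256 of the ciphertext. It catches damage in transit; it is not
    # authentication, because it travels with the file it describes.
    openssl dgst -sha256 -r "$out" | cut -d' ' -f1 > "$out.sha256"
}

# open_archive ENC_FILE DEST_DIR PASS_FILE
# Refuses to decrypt if the ciphertext digest does not match, then decrypts
# and extracts into DEST_DIR. A wrong passphrase makes the pipeline fail.
open_archive() {
    enc=$1; dest=$2; passfile=$3
    want=$(cat "$enc.sha256") || return 1
    got=$(openssl dgst -sha256 -r "$enc" | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        echo "digest mismatch for $enc, not decrypting" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -pass "file:$passfile" -in "$enc" 2>/dev/null |
        tar -xzf - -C "$dest" 2>/dev/null
}

# Typical use (paths are placeholders):
#   seal_archive ./Payload ./Payload.tgz.enc ./transfer.pass
#   ...copy Payload.tgz.enc and Payload.tgz.enc.sha256 with Copy Items...
#   open_archive ./Payload.tgz.enc ./unpacked ./transfer.pass
```

Send both the .enc file and its .sha256 file in the Copy Items task, and keep the passphrase file out of that transfer.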
When using Control or Observe to access a Mac using the Screen Sharing or Remote Management service, all data is encrypted for transit using AES with a 128-bit shared key that was derived during screen sharing authentication. If you use Remote Desktop to control a computer running non-Apple VNC software, nothing is encrypted.
Encrypt all file transfers by default
You can encrypt all file transfers by default.
In Remote Desktop, choose Remote Desktop > Preferences, then select Security.
Check “Encrypt network data when using Copy Items” or “Encrypt network data when using Install Packages.”
Encrypt a single file transfer
You can encrypt a single file transfer without making that the default setting.
In Remote Desktop, in the Copy Items task or Install Packages task configuration window, select “Encrypt network data.”