Apple Remote Desktop 3: About encrypted communication

When using the Remote Desktop 3 application to connect to an Apple Remote Desktop 3 (ARD) client, most of the communication is encrypted.

Authentication

Authentication to Apple Remote Desktop clients uses an authentication method based on a Diffie-Hellman key agreement protocol that creates a shared 128-bit key. This shared key is used to encrypt both the user name and password using the Advanced Encryption Standard (AES). The Diffie-Hellman key agreement protocol used in Remote Desktop 3 is very similar to the one used in personal file sharing, with both of them using a 512-bit prime for the shared key calculation.
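The exchange described above, carried through end to end as an added example (not Apple's code): a Diffie-Hellman agreement over a 512-bit prime, with both parties reducing the agreed secret to a 128-bit AES key. The generator value, the deterministic prime search and the hash-based reduction to 128 bits are assumptions made for this illustration, not details the article confirms.

```python
# Added example, not Apple's implementation. The prime search, generator 2
# and SHA-256 truncation are assumptions; the article only states a 512-bit
# prime and a 128-bit shared key.
import hashlib
import random

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with fixed-seed bases so the example is repeatable."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_prime(bits, seed):
    """Deterministically find a prime of exactly `bits` bits (constructed group, not a standard one)."""
    rng = random.Random(seed)
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def derive_key(shared_secret, key_bits=128):
    """Reduce the 512-bit DH secret to a 128-bit AES key (assumed: SHA-256, truncated)."""
    return hashlib.sha256(shared_secret.to_bytes(64, "big")).digest()[: key_bits // 8]

def agree(prime, generator, client_private, server_private):
    """Run both sides of the exchange; returns (client_key, server_key), which must match."""
    client_public = pow(generator, client_private, prime)
    server_public = pow(generator, server_private, prime)
    client_secret = pow(server_public, client_private, prime)  # client uses server's public value
    server_secret = pow(client_public, server_private, prime)  # server uses client's public value
    return derive_key(client_secret), derive_key(server_secret)

if __name__ == "__main__":
    p = make_prime(512, seed=2012)
    ck, sk = agree(p, 2, 0x1A2B3C4D5E6F, 0x6F5E4D3C2B1A)  # constructed private exponents
    print(p.bit_length(), ck == sk, ck.hex())
```

A 512-bit modulus is far below what current guidance considers adequate for Diffie-Hellman, which is why the article's option to wrap sessions in an SSH tunnel matters for anyone relying on this authentication over an untrusted network.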

Administration

With Remote Desktop 3, keystrokes and mouse events are encrypted when you control Mac OS X client computers. Additionally, most tasks are encrypted in transit; the exceptions are Control and Observe screen data, files copied via Copy Items, and Install Packages (though you may choose to encrypt these as well by changing your application preferences). This information is encrypted using the Advanced Encryption Standard (AES) with the 128-bit shared key that was derived during authentication.

The following tasks do not support encrypted communication:

Encrypting Observe and Control Network Data

Although Remote Desktop sends authentication information, keystrokes, and management commands encrypted by default, you may want additional security. You can choose to encrypt all Observe and Control traffic, at a certain performance cost.

Encryption is done using an SSH tunnel between the participating computers. In order to use encryption for Observe and Control tasks, the target computers must have SSH enabled ("Remote Login" in the computer's Sharing preference pane). Additionally, firewalls between the participating computers must be configured to pass traffic on TCP port 22 (the well-known SSH port).

If you are trying to control a VNC server which is not Remote Desktop, it will not support Remote Desktop keystroke encryption. If you try to control that VNC server, you will get a warning that the keystrokes aren't encrypted, which you will have to acknowledge before you can control the VNC server. If you chose to encrypt all network data, then you will not be able to control the VNC server, because Remote Desktop is not able to open the necessary SSH tunnel to the VNC server.

If you drag and drop files while controlling a client computer, the file copy will be encrypted if the screen sharing is encrypted, or if the option "Encrypt network data when using Copy Items" is selected in the Preferences.

Published Date: Feb 20, 2012