Authentication to Apple Remote Desktop clients uses an authentication method based on a Diffie-Hellman Key agreement protocol that creates a shared 128-bit key. This shared key is used to encrypt both the name and password using the Advanced Encryption Standard (AES). The Diffie-Hellman key agreement protocol used in Remote Desktop 3 is very similar to the one used in personal file sharing, with both of them using a 512-bit prime for the shared key calculation.

With Remote Desktop 3, keystrokes and mouse events are encrypted when you control Mac OS X client computers. Additionally, all tasks except Control and Observe screen data, and files copied via Copy Items and Install Packages are encrypted for transit (though you may choose to encrypt these as well by changing your application preferences). This information is encrypted using the Advanced Encryption Standard (AES) with the 128-bit shared key that was derived during authentication.

For other kinds of encryption, see:

• Encrypting Observe and Control Network Data.
• Encrypting Network Data During Copy Items and Install Packages Tasks.