vnc server only checks that the first eight characters of a password match.
yes, but I think eight-characters password is enough, isn't it??
Giving a user the false security of setting a long password, but actually ignoring everything after the eighth character is a terrible idea. Eight characters is definitely not enough.
I think, nobody gives false security. Please, see $man vncpasswd... From vncpasswd man page: "The password must be at least six characters long, and only the first eight characters are significant. Note that the stored password is not encrypted securely - anyone who has access to this file can trivially find out the plaintext password, so vncpasswd always sets appropriate permissions (read and write only by the owner)" But I'm going to add support to accept all characters in passwd
Thanks!
In the end, after big thinking, I must deny your enhancement request. VNC uses eight-character encryption key (password=key) and it's no way how use more than 8 characters without break rfb protocol compatibility. Please mail to RealVNC about this request