diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2008-11-06 13:33:06 +0000 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2008-11-06 13:33:06 +0000 |
| commit | 1912439526aff3ebb50aaf370b1744ba3d3e8fc5 (patch) | |
| tree | 05f3021c106f9051c9b193bb2173554f591c5e7c /options.h | |
| parent | 800810a1816a0ac29ba2f5c77f8eed11a97566af (diff) | |
Update nocrypto branch to current head
--HG--
branch : insecure-nocrypto
extra : convert_revision : 9e5e6e33be005d27cd5b3270c574edc45b5c2893
Diffstat (limited to 'options.h')
| -rw-r--r-- | options.h | 19 |
1 files changed, 13 insertions, 6 deletions
@@ -82,17 +82,15 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * Protocol RFC requires 3DES and recommends AES128 for interoperability. * Including multiple keysize variants the same cipher * (eg AES256 as well as AES128) will result in a minimal size increase.*/ +/* #define DROPBEAR_AES128 #define DROPBEAR_3DES #define DROPBEAR_AES256 #define DROPBEAR_BLOWFISH #define DROPBEAR_TWOFISH256 #define DROPBEAR_TWOFISH128 +*/ -/* Enable "Counter Mode" for ciphers. This is more secure than normal - * CBC mode against certain attacks. This adds around 1kB to binary - * size and is recommended for most cases */ -#define DROPBEAR_ENABLE_CTR_MODE /* You can compile with no encryption if you want. In some circumstances * this could be safe securitywise, though make sure you know what * you're doing. Anyone can see everything that goes over the wire, so @@ -105,6 +103,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * "dbclient-insecure" client. */ #define DROPBEAR_NONE_CIPHER +/* Enable "Counter Mode" for ciphers. This is more secure than normal + * CBC mode against certain attacks. This adds around 1kB to binary + * size and is recommended for most cases */ +#define DROPBEAR_ENABLE_CTR_MODE + /* Message Integrity - at least one required. * Protocol RFC requires sha1 and recommends sha1-96. * sha1-96 may be of use for slow links, as it has a smaller overhead. @@ -117,15 +120,19 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * These hashes are also used for public key fingerprints in logs. * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ +/* #define DROPBEAR_SHA1_HMAC #define DROPBEAR_SHA1_96_HMAC #define DROPBEAR_MD5_HMAC +*/ /* You can also disable integrity. Don't bother disabling this if you're * still using a cipher, it's relatively cheap. Don't disable this if you're * using 'none' cipher, since it's dead simple to run arbitrary commands - * on the remote host. Beware. */ -/*#define DROPBEAR_NONE_INTEGRITY*/ + * on the remote host. Beware. + * Note again, for the client you will have to disable other hashes above + * to use this. */ +#define DROPBEAR_NONE_INTEGRITY /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. |