Disable twofish-ctr by default, add config option

author: Matt Johnston <matt@ucc.asn.au> 2015-06-03 22:59:59 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2015-06-03 22:59:59 +0800
commit: ecd850521816dc2a78792fc53dd9c6c80d5d1b91 (patch)
tree: 8ac23d0bbac268a38054bbce8f0532df1872f283 /options.h
parent: 1fa1c3f9db61e11d18363140f167ca1627e2f6ed (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/options.h b/options.h
index e2d69a9..41cc129 100644
--- a/options.h
+++ b/options.h
@@ -103,10 +103,15 @@ much traffic. */
 #define DROPBEAR_ENABLE_CBC_MODE
 
 /* Enable "Counter Mode" for ciphers. This is more secure than normal
- * CBC mode against certain attacks. This adds around 1kB to binary 
- * size and is recommended for most cases */
+ * CBC mode against certain attacks. It is recommended for security
+ * and forwards compatibility */
 #define DROPBEAR_ENABLE_CTR_MODE
 
+/* Twofish counter mode is disabled by default because it 
+has not been tested for interoperability with other SSH implementations.
+If you test it please contact the Dropbear author */
+/* #define DROPBEAR_TWOFISH_CTR */
+
 /* You can compile with no encryption if you want. In some circumstances
  * this could be safe security-wise, though make sure you know what
  * you're doing. Anyone can see everything that goes over the wire, so
author	Matt Johnston <matt@ucc.asn.au>	2015-06-03 22:59:59 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2015-06-03 22:59:59 +0800
commit	ecd850521816dc2a78792fc53dd9c6c80d5d1b91 (patch)
tree	8ac23d0bbac268a38054bbce8f0532df1872f283 /options.h
parent	1fa1c3f9db61e11d18363140f167ca1627e2f6ed (diff)