comparison options.h @ 512:0129fd8ccc71 insecure-nocrypto
Update nocrypto branch to current head
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 06 Nov 2008 13:33:06 +0000 |
parents | 582cb38e4eb5 |
children | a4b7627b3157 |
511:582cb38e4eb5 | 512:0129fd8ccc71 |
---|---|
80 | 80 |
81 /* Encryption - at least one required. | 81 /* Encryption - at least one required. |
82 * Protocol RFC requires 3DES and recommends AES128 for interoperability. | 82 * Protocol RFC requires 3DES and recommends AES128 for interoperability. |
83 * Including multiple keysize variants the same cipher | 83 * Including multiple keysize variants the same cipher |
84 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ | 84 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ |
85 /* | |
85 #define DROPBEAR_AES128 | 86 #define DROPBEAR_AES128 |
86 #define DROPBEAR_3DES | 87 #define DROPBEAR_3DES |
87 #define DROPBEAR_AES256 | 88 #define DROPBEAR_AES256 |
88 #define DROPBEAR_BLOWFISH | 89 #define DROPBEAR_BLOWFISH |
89 #define DROPBEAR_TWOFISH256 | 90 #define DROPBEAR_TWOFISH256 |
90 #define DROPBEAR_TWOFISH128 | 91 #define DROPBEAR_TWOFISH128 |
91 | 92 */ |
92 /* Enable "Counter Mode" for ciphers. This is more secure than normal | 93 |
93 * CBC mode against certain attacks. This adds around 1kB to binary | |
94 * size and is recommended for most cases */ | |
95 #define DROPBEAR_ENABLE_CTR_MODE | |
96 /* You can compile with no encryption if you want. In some circumstances | 94 /* You can compile with no encryption if you want. In some circumstances |
97 * this could be safe securitywise, though make sure you know what | 95 * this could be safe securitywise, though make sure you know what |
98 * you're doing. Anyone can see everything that goes over the wire, so | 96 * you're doing. Anyone can see everything that goes over the wire, so |
99 * the only safe auth method is public key. You'll have to disable all other | 97 * the only safe auth method is public key. You'll have to disable all other |
100 * ciphers above in the client if you want to use this, or implement cipher | 98 * ciphers above in the client if you want to use this, or implement cipher |
103 * The best way to do things is probably make normal compile of dropbear with | 101 * The best way to do things is probably make normal compile of dropbear with |
104 * all ciphers including "none" as the server, then recompile a special | 102 * all ciphers including "none" as the server, then recompile a special |
105 * "dbclient-insecure" client. */ | 103 * "dbclient-insecure" client. */ |
106 #define DROPBEAR_NONE_CIPHER | 104 #define DROPBEAR_NONE_CIPHER |
107 | 105 |
106 /* Enable "Counter Mode" for ciphers. This is more secure than normal | |
107 * CBC mode against certain attacks. This adds around 1kB to binary | |
108 * size and is recommended for most cases */ | |
109 #define DROPBEAR_ENABLE_CTR_MODE | |
110 | |
108 /* Message Integrity - at least one required. | 111 /* Message Integrity - at least one required. |
109 * Protocol RFC requires sha1 and recommends sha1-96. | 112 * Protocol RFC requires sha1 and recommends sha1-96. |
110 * sha1-96 may be of use for slow links, as it has a smaller overhead. | 113 * sha1-96 may be of use for slow links, as it has a smaller overhead. |
111 * | 114 * |
112 * Note: there's no point disabling sha1 to save space, since it's used | 115 * Note: there's no point disabling sha1 to save space, since it's used |
115 * of the ssh protocol. | 118 * of the ssh protocol. |
116 * | 119 * |
117 * These hashes are also used for public key fingerprints in logs. | 120 * These hashes are also used for public key fingerprints in logs. |
118 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, | 121 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, |
119 * which are not the standard form. */ | 122 * which are not the standard form. */ |
123 /* | |
120 #define DROPBEAR_SHA1_HMAC | 124 #define DROPBEAR_SHA1_HMAC |
121 #define DROPBEAR_SHA1_96_HMAC | 125 #define DROPBEAR_SHA1_96_HMAC |
122 #define DROPBEAR_MD5_HMAC | 126 #define DROPBEAR_MD5_HMAC |
127 */ | |
123 | 128 |
124 /* You can also disable integrity. Don't bother disabling this if you're | 129 /* You can also disable integrity. Don't bother disabling this if you're |
125 * still using a cipher, it's relatively cheap. Don't disable this if you're | 130 * still using a cipher, it's relatively cheap. Don't disable this if you're |
126 * using 'none' cipher, since it's dead simple to run arbitrary commands | 131 * using 'none' cipher, since it's dead simple to run arbitrary commands |
127 * on the remote host. Beware. */ | 132 * on the remote host. Beware. |
128 /*#define DROPBEAR_NONE_INTEGRITY*/ | 133 * Note again, for the client you will have to disable other hashes above |
134 * to use this. */ | |
135 #define DROPBEAR_NONE_INTEGRITY | |
129 | 136 |
130 /* Hostkey/public key algorithms - at least one required, these are used | 137 /* Hostkey/public key algorithms - at least one required, these are used |
131 * for hostkey as well as for verifying signatures with pubkey auth. | 138 * for hostkey as well as for verifying signatures with pubkey auth. |
132 * Removing either of these won't save very much space. | 139 * Removing either of these won't save very much space. |
133 * SSH2 RFC Draft requires dss, recommends rsa */ | 140 * SSH2 RFC Draft requires dss, recommends rsa */ |
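Review bot: The new side defines both `DROPBEAR_NONE_CIPHER` and `DROPBEAR_NONE_INTEGRITY` while every real cipher and every HMAC is commented out, which is the combination the comment directly above `DROPBEAR_NONE_INTEGRITY` warns against ("Don't disable this if you're using 'none' cipher"). A binary built from this options.h would presumably offer only none/none, so the session has neither confidentiality nor tamper detection, and nothing at compile time marks the build as such. I would either keep `#define DROPBEAR_SHA1_HMAC` enabled so that integrity survives without a cipher, or gate the none/none case behind an explicit opt-in: `#if defined(DROPBEAR_NONE_CIPHER) && defined(DROPBEAR_NONE_INTEGRITY) && !defined(INSECURE_BUILD_OPT_IN)` / `#error "none cipher with none integrity needs an explicit opt-in"` / `#endif` (the opt-in macro name is a placeholder). `DROPBEAR_ENABLE_CTR_MODE` was only moved and looks to have no effect once all ciphers are disabled; a one-line comment saying so would help the next reader.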