Mercurial > dropbear
comparison options.h @ 360:09cb54106e89 insecure-nocrypto
explicit merge of '0501e6f661b5415eb76f3b312d183c3adfbfb712'
and '2b954d406290e6a2be8eb4a262d3675ac95ac544'
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 02 Oct 2006 06:39:32 +0000 |
| parents | 64abb124763d |
| children | 461c4b1fb35f |
comparison
equal
deleted
inserted
replaced
| 295:03f65e461915 | 360:09cb54106e89 |
|---|---|
| 63 | 63 |
| 64 /* Encryption - at least one required. | 64 /* Encryption - at least one required. |
| 65 * RFC Draft requires 3DES and recommends AES128 for interoperability. | 65 * RFC Draft requires 3DES and recommends AES128 for interoperability. |
| 66 * Including multiple keysize variants the same cipher | 66 * Including multiple keysize variants the same cipher |
| 67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ | 67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ |
| 68 /* | |
| 68 #define DROPBEAR_AES128_CBC | 69 #define DROPBEAR_AES128_CBC |
| 69 #define DROPBEAR_3DES_CBC | 70 #define DROPBEAR_3DES_CBC |
| 70 #define DROPBEAR_AES256_CBC | 71 #define DROPBEAR_AES256_CBC |
| 71 #define DROPBEAR_BLOWFISH_CBC | 72 #define DROPBEAR_BLOWFISH_CBC |
| 72 #define DROPBEAR_TWOFISH256_CBC | 73 #define DROPBEAR_TWOFISH256_CBC |
| 73 #define DROPBEAR_TWOFISH128_CBC | 74 #define DROPBEAR_TWOFISH128_CBC |
| 75 */ | |
| 76 | |
| 77 /* You can compile with no encryption if you want. In some circumstances | |
| 78 * this could be safe securitywise, though make sure you know what | |
| 79 * you're doing. Anyone can see everything that goes over the wire, so | |
| 80 * the only safe auth method is public key. You'll have to disable all other | |
| 81 * ciphers above in the client if you want to use this, or implement cipher | |
| 82 * prioritisation in cli-runopts. | |
| 83 * | |
| 84 * The best way to do things is probably make normal compile of dropbear with all | |
| 85 * ciphers including "none" as the server, then recompile a special | |
| 86 * "dbclient-insecure" client. */ | |
| 87 #define DROPBEAR_NONE_CIPHER | |
| 74 | 88 |
| 75 /* Message Integrity - at least one required. | 89 /* Message Integrity - at least one required. |
| 76 * RFC Draft requires sha1 and recommends sha1-96. | 90 * RFC Draft requires sha1 and recommends sha1-96. |
| 77 * sha1-96 may be of use for slow links, as it has a smaller overhead. | 91 * sha1-96 may be of use for slow links, as it has a smaller overhead. |
| 78 * | 92 * |
| 86 * which are not the standard form. */ | 100 * which are not the standard form. */ |
| 87 #define DROPBEAR_SHA1_HMAC | 101 #define DROPBEAR_SHA1_HMAC |
| 88 #define DROPBEAR_SHA1_96_HMAC | 102 #define DROPBEAR_SHA1_96_HMAC |
| 89 #define DROPBEAR_MD5_HMAC | 103 #define DROPBEAR_MD5_HMAC |
| 90 | 104 |
| 105 /* You can also disable integrity. Don't bother disabling this if you're | |
| 106 * still using a cipher, it's relatively cheap. Don't disable this if you're | |
| 107 * using 'none' cipher, since it's dead simple to run arbitrary commands | |
| 108 * on the remote host. Go ahead. Hang yourself with your own rope. */ | |
| 109 /*#define DROPBEAR_NONE_INTEGRITY*/ | |
| 110 | |
| 91 /* Hostkey/public key algorithms - at least one required, these are used | 111 /* Hostkey/public key algorithms - at least one required, these are used |
| 92 * for hostkey as well as for verifying signatures with pubkey auth. | 112 * for hostkey as well as for verifying signatures with pubkey auth. |
| 93 * Removing either of these won't save very much space. | 113 * Removing either of these won't save very much space. |
| 94 * SSH2 RFC Draft requires dss, recommends rsa */ | 114 * SSH2 RFC Draft requires dss, recommends rsa */ |
| 95 #define DROPBEAR_RSA | 115 #define DROPBEAR_RSA |