comparison options.h @ 1087:1e486f368ec3

Disable twofish-ctr by default, add config option
author Matt Johnston <matt@ucc.asn.au>
date Wed, 03 Jun 2015 22:59:59 +0800
parents deed0571cacc
children 36557295418e
comparison
equal deleted inserted replaced
1086:50f8a24953e6 1087:1e486f368ec3
101 /* Enable CBC mode for ciphers. This has security issues though 101 /* Enable CBC mode for ciphers. This has security issues though
102 * is the most compatible with older SSH implementations */ 102 * is the most compatible with older SSH implementations */
103 #define DROPBEAR_ENABLE_CBC_MODE 103 #define DROPBEAR_ENABLE_CBC_MODE
104 104
105 /* Enable "Counter Mode" for ciphers. This is more secure than normal 105 /* Enable "Counter Mode" for ciphers. This is more secure than normal
106 * CBC mode against certain attacks. This adds around 1kB to binary 106 * CBC mode against certain attacks. It is recommended for security
107 * size and is recommended for most cases */ 107 * and forwards compatibility */
108 #define DROPBEAR_ENABLE_CTR_MODE 108 #define DROPBEAR_ENABLE_CTR_MODE
109
110 /* Twofish counter mode is disabled by default because it
111 has not been tested for interoperability with other SSH implementations.
112 If you test it please contact the Dropbear author */
113 /* #define DROPBEAR_TWOFISH_CTR */
109 114
110 /* You can compile with no encryption if you want. In some circumstances 115 /* You can compile with no encryption if you want. In some circumstances
111 * this could be safe security-wise, though make sure you know what 116 * this could be safe security-wise, though make sure you know what
112 * you're doing. Anyone can see everything that goes over the wire, so 117 * you're doing. Anyone can see everything that goes over the wire, so
113 * the only safe auth method is public key. */ 118 * the only safe auth method is public key. */