Mercurial > dropbear
comparison options.h @ 502:43bbe17d6ba0
- Add Counter Mode support
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 29 Sep 2008 13:53:31 +0000 |
| parents | f3ca5ebc319a |
| children | 0cdbc95bb3d2 |
comparison
equal
deleted
inserted
replaced
| 501:d58c478bd399 | 502:43bbe17d6ba0 |
|---|---|
| 73 /* Enable "Netcat mode". TODO describe here. */ | 73 /* Enable "Netcat mode". TODO describe here. */ |
| 74 #define ENABLE_CLI_NETCAT | 74 #define ENABLE_CLI_NETCAT |
| 75 | 75 |
| 76 | 76 |
| 77 /* Encryption - at least one required. | 77 /* Encryption - at least one required. |
| 78 * RFC Draft requires 3DES and recommends AES128 for interoperability. | 78 * Protocol RFC requires 3DES and recommends AES128 for interoperability. |
| 79 * Including multiple keysize variants the same cipher | 79 * Including multiple keysize variants the same cipher |
| 80 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ | 80 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ |
| 81 #define DROPBEAR_AES128_CBC | 81 #define DROPBEAR_AES128 |
| 82 #define DROPBEAR_3DES_CBC | 82 #define DROPBEAR_3DES |
| 83 #define DROPBEAR_AES256_CBC | 83 #define DROPBEAR_AES256 |
| 84 #define DROPBEAR_BLOWFISH_CBC | 84 #define DROPBEAR_BLOWFISH |
| 85 #define DROPBEAR_TWOFISH256_CBC | 85 #define DROPBEAR_TWOFISH256 |
| 86 #define DROPBEAR_TWOFISH128_CBC | 86 #define DROPBEAR_TWOFISH128 |
| 87 | |
| 88 /* Enable "Counter Mode" for ciphers. This is more secure than normal | |
| 89 * CBC mode against certain attacks. TODO how much size does it add? */ | |
| 90 #define DROPBEAR_ENABLE_CTR_MODE | |
| 87 | 91 |
| 88 /* Message Integrity - at least one required. | 92 /* Message Integrity - at least one required. |
| 89 * RFC Draft requires sha1 and recommends sha1-96. | 93 * Protocol RFC requires sha1 and recommends sha1-96. |
| 90 * sha1-96 may be of use for slow links, as it has a smaller overhead. | 94 * sha1-96 may be of use for slow links, as it has a smaller overhead. |
| 91 * | 95 * |
| 92 * Note: there's no point disabling sha1 to save space, since it's used | 96 * Note: there's no point disabling sha1 to save space, since it's used |
| 93 * for the random number generator and public-key cryptography anyway. | 97 * for the random number generator and public-key cryptography anyway. |
| 94 * Disabling it here will just stop it from being used as the integrity portion | 98 * Disabling it here will just stop it from being used as the integrity portion |
| 140 * but there's an interface via a PAM module - don't bother using it otherwise. | 144 * but there's an interface via a PAM module - don't bother using it otherwise. |
| 141 * You can't enable both PASSWORD and PAM. */ | 145 * You can't enable both PASSWORD and PAM. */ |
| 142 | 146 |
| 143 #define ENABLE_SVR_PASSWORD_AUTH | 147 #define ENABLE_SVR_PASSWORD_AUTH |
| 144 /* PAM requires ./configure --enable-pam */ | 148 /* PAM requires ./configure --enable-pam */ |
| 145 /* #define ENABLE_SVR_PAM_AUTH */ | 149 /*#define ENABLE_SVR_PAM_AUTH*/ |
| 146 #define ENABLE_SVR_PUBKEY_AUTH | 150 #define ENABLE_SVR_PUBKEY_AUTH |
| 147 | 151 |
| 148 /* Wether to ake public key options in authorized_keys file into account */ | 152 /* Wether to ake public key options in authorized_keys file into account */ |
| 149 #ifdef ENABLE_SVR_PUBKEY_AUTH | 153 #ifdef ENABLE_SVR_PUBKEY_AUTH |
| 150 #define ENABLE_SVR_PUBKEY_OPTIONS | 154 #define ENABLE_SVR_PUBKEY_OPTIONS |