Mercurial > dropbear
comparison options.h @ 361:461c4b1fb35f insecure-nocrypto
Comment cleanups
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 02 Oct 2006 06:40:51 +0000 |
| parents | 64abb124763d |
| children | 582cb38e4eb5 |
comparison
equal
deleted
inserted
replaced
| 360:09cb54106e89 | 361:461c4b1fb35f |
|---|---|
| 79 * you're doing. Anyone can see everything that goes over the wire, so | 79 * you're doing. Anyone can see everything that goes over the wire, so |
| 80 * the only safe auth method is public key. You'll have to disable all other | 80 * the only safe auth method is public key. You'll have to disable all other |
| 81 * ciphers above in the client if you want to use this, or implement cipher | 81 * ciphers above in the client if you want to use this, or implement cipher |
| 82 * prioritisation in cli-runopts. | 82 * prioritisation in cli-runopts. |
| 83 * | 83 * |
| 84 * The best way to do things is probably make normal compile of dropbear with all | 84 * The best way to do things is probably make normal compile of dropbear with |
| 85 * ciphers including "none" as the server, then recompile a special | 85 * all ciphers including "none" as the server, then recompile a special |
| 86 * "dbclient-insecure" client. */ | 86 * "dbclient-insecure" client. */ |
| 87 #define DROPBEAR_NONE_CIPHER | 87 #define DROPBEAR_NONE_CIPHER |
| 88 | 88 |
| 89 /* Message Integrity - at least one required. | 89 /* Message Integrity - at least one required. |
| 90 * RFC Draft requires sha1 and recommends sha1-96. | 90 * RFC Draft requires sha1 and recommends sha1-96. |
| 103 #define DROPBEAR_MD5_HMAC | 103 #define DROPBEAR_MD5_HMAC |
| 104 | 104 |
| 105 /* You can also disable integrity. Don't bother disabling this if you're | 105 /* You can also disable integrity. Don't bother disabling this if you're |
| 106 * still using a cipher, it's relatively cheap. Don't disable this if you're | 106 * still using a cipher, it's relatively cheap. Don't disable this if you're |
| 107 * using 'none' cipher, since it's dead simple to run arbitrary commands | 107 * using 'none' cipher, since it's dead simple to run arbitrary commands |
| 108 * on the remote host. Go ahead. Hang yourself with your own rope. */ | 108 * on the remote host. Beware. */ |
| 109 /*#define DROPBEAR_NONE_INTEGRITY*/ | 109 /*#define DROPBEAR_NONE_INTEGRITY*/ |
| 110 | 110 |
| 111 /* Hostkey/public key algorithms - at least one required, these are used | 111 /* Hostkey/public key algorithms - at least one required, these are used |
| 112 * for hostkey as well as for verifying signatures with pubkey auth. | 112 * for hostkey as well as for verifying signatures with pubkey auth. |
| 113 * Removing either of these won't save very much space. | 113 * Removing either of these won't save very much space. |