comparison options.h @ 361:461c4b1fb35f insecure-nocrypto

Comment cleanups
author Matt Johnston <matt@ucc.asn.au>
date Mon, 02 Oct 2006 06:40:51 +0000
parents 64abb124763d
children 582cb38e4eb5
comparison
equal deleted inserted replaced
360:09cb54106e89 361:461c4b1fb35f
79 * you're doing. Anyone can see everything that goes over the wire, so 79 * you're doing. Anyone can see everything that goes over the wire, so
80 * the only safe auth method is public key. You'll have to disable all other 80 * the only safe auth method is public key. You'll have to disable all other
81 * ciphers above in the client if you want to use this, or implement cipher 81 * ciphers above in the client if you want to use this, or implement cipher
82 * prioritisation in cli-runopts. 82 * prioritisation in cli-runopts.
83 * 83 *
84 * The best way to do things is probably make normal compile of dropbear with all 84 * The best way to do things is probably make normal compile of dropbear with
85 * ciphers including "none" as the server, then recompile a special 85 * all ciphers including "none" as the server, then recompile a special
86 * "dbclient-insecure" client. */ 86 * "dbclient-insecure" client. */
87 #define DROPBEAR_NONE_CIPHER 87 #define DROPBEAR_NONE_CIPHER
88 88
89 /* Message Integrity - at least one required. 89 /* Message Integrity - at least one required.
90 * RFC Draft requires sha1 and recommends sha1-96. 90 * RFC Draft requires sha1 and recommends sha1-96.
103 #define DROPBEAR_MD5_HMAC 103 #define DROPBEAR_MD5_HMAC
104 104
105 /* You can also disable integrity. Don't bother disabling this if you're 105 /* You can also disable integrity. Don't bother disabling this if you're
106 * still using a cipher, it's relatively cheap. Don't disable this if you're 106 * still using a cipher, it's relatively cheap. Don't disable this if you're
107 * using 'none' cipher, since it's dead simple to run arbitrary commands 107 * using 'none' cipher, since it's dead simple to run arbitrary commands
108 * on the remote host. Go ahead. Hang yourself with your own rope. */ 108 * on the remote host. Beware. */
109 /*#define DROPBEAR_NONE_INTEGRITY*/ 109 /*#define DROPBEAR_NONE_INTEGRITY*/
110 110
111 /* Hostkey/public key algorithms - at least one required, these are used 111 /* Hostkey/public key algorithms - at least one required, these are used
112 * for hostkey as well as for verifying signatures with pubkey auth. 112 * for hostkey as well as for verifying signatures with pubkey auth.
113 * Removing either of these won't save very much space. 113 * Removing either of these won't save very much space.