Mercurial > dropbear
comparison options.h @ 1294:56aba7dedbea
options for disabling "normal" DH
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 02 May 2016 23:48:16 +0200 |
| parents | dc8f7997f10f |
| children | 750ec4ec4cbe |
comparison
equal
deleted
inserted
replaced
| 1293:dc8f7997f10f | 1294:56aba7dedbea |
|---|---|
| 148 #define DROPBEAR_RSA | 148 #define DROPBEAR_RSA |
| 149 #define DROPBEAR_DSS | 149 #define DROPBEAR_DSS |
| 150 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC | 150 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC |
| 151 * code (either ECDSA or ECDH) increases binary size - around 30kB | 151 * code (either ECDSA or ECDH) increases binary size - around 30kB |
| 152 * on x86-64 */ | 152 * on x86-64 */ |
| 153 #define DROPBEAR_ECDSA | 153 //#define DROPBEAR_ECDSA |
| 154 | 154 |
| 155 /* Generate hostkeys as-needed when the first connection using that key type occurs. | 155 /* Generate hostkeys as-needed when the first connection using that key type occurs. |
| 156 This avoids the need to otherwise run "dropbearkey" and avoids some problems | 156 This avoids the need to otherwise run "dropbearkey" and avoids some problems |
| 157 with badly seeded /dev/urandom when systems first boot. | 157 with badly seeded /dev/urandom when systems first boot. |
| 158 This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly | 158 This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly |
| 167 /* Enable elliptic curve Diffie Hellman key exchange, see note about | 167 /* Enable elliptic curve Diffie Hellman key exchange, see note about |
| 168 * ECDSA above */ | 168 * ECDSA above */ |
| 169 #define DROPBEAR_ECDH | 169 #define DROPBEAR_ECDH |
| 170 | 170 |
| 171 /* Key exchange algorithm. | 171 /* Key exchange algorithm. |
| 172 * group14_sha1 - 2048 bit, sha1 | |
| 173 * group14_sha256 - 2048 bit, sha2-256 | |
| 174 * group16 - 4096 bit, sha2-512 | |
| 172 * group1 - 1024 bit, sha1 | 175 * group1 - 1024 bit, sha1 |
| 173 * group14 - 2048 bit, sha1 | |
| 174 * group14_256 - 2048 bit, sha2-256 | |
| 175 * group16 - 4096 bit, sha2-512 | |
| 176 * | 176 * |
| 177 * group14 is supported by most implementations. | 177 * group14 is supported by most implementations. |
| 178 * group16 provides a greater strength but is slower and increases binary size | 178 * group16 provides a greater strength level but is slower and increases binary size |
| 179 * group1 is necessary if compatibility with Dropbear versions < 0.53 is required | 179 * group1 is too small for security though is necessary if you need |
| 180 compatibility with some implementations such as Dropbear versions < 0.53 | |
| 180 */ | 181 */ |
| 181 #define DROPBEAR_DH_GROUP1 1 | 182 #define DROPBEAR_DH_GROUP1 1 |
| 182 #define DROPBEAR_DH_GROUP14 1 | 183 #define DROPBEAR_DH_GROUP14_SHA1 1 |
| 183 #define DROPBEAR_DH_GROUP14_256 1 | 184 #define DROPBEAR_DH_GROUP14_SHA256 1 |
| 184 #define DROPBEAR_DH_GROUP16 0 | 185 #define DROPBEAR_DH_GROUP16 0 |
| 185 | 186 |
| 186 /* Control the memory/performance/compression tradeoff for zlib. | 187 /* Control the memory/performance/compression tradeoff for zlib. |
| 187 * Set windowBits=8 for least memory usage, see your system's | 188 * Set windowBits=8 for least memory usage, see your system's |
| 188 * zlib.h for full details. | 189 * zlib.h for full details. |