comparison options.h @ 1294:56aba7dedbea
options for disabling "normal" DH
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 02 May 2016 23:48:16 +0200 |
parents | dc8f7997f10f |
children | 750ec4ec4cbe |
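--- a/options.h
+++ b/options.h
@@ -148,11 +148,11 @@
 #define DROPBEAR_RSA
 #define DROPBEAR_DSS
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
 * code (either ECDSA or ECDH) increases binary size - around 30kB
 * on x86-64 */
-#define DROPBEAR_ECDSA
+//#define DROPBEAR_ECDSA
 
 /* Generate hostkeys as-needed when the first connection using that key type occurs.
 This avoids the need to otherwise run "dropbearkey" and avoids some problems
 with badly seeded /dev/urandom when systems first boot.
 This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly
@@ -167,22 +167,23 @@
 /* Enable elliptic curve Diffie Hellman key exchange, see note about
 * ECDSA above */
 #define DROPBEAR_ECDH
 
 /* Key exchange algorithm.
+* group14_sha1 - 2048 bit, sha1
+* group14_sha256 - 2048 bit, sha2-256
+* group16 - 4096 bit, sha2-512
 * group1 - 1024 bit, sha1
-* group14 - 2048 bit, sha1
-* group14_256 - 2048 bit, sha2-256
-* group16 - 4096 bit, sha2-512
 *
 * group14 is supported by most implementations.
-* group16 provides a greater strength but is slower and increases binary size
-* group1 is necessary if compatibility with Dropbear versions < 0.53 is required
+* group16 provides a greater strength level but is slower and increases binary size
+* group1 is too small for security though is necessary if you need
+compatibility with some implementations such as Dropbear versions < 0.53
 */
 #define DROPBEAR_DH_GROUP1 1
-#define DROPBEAR_DH_GROUP14 1
-#define DROPBEAR_DH_GROUP14_256 1
+#define DROPBEAR_DH_GROUP14_SHA1 1
+#define DROPBEAR_DH_GROUP14_SHA256 1
 #define DROPBEAR_DH_GROUP16 0
 
 /* Control the memory/performance/compression tradeoff for zlib.
 * Set windowBits=8 for least memory usage, see your system's
 * zlib.h for full details.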
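Review bot: `DROPBEAR_ECDSA` is switched off at line 153 by commenting out the define, which the commit message (about DH options) does not mention and which looks like a local build tweak that slipped in. A default build would then be left with only the RSA and DSS key types defined just above, while the comment directly over the define still describes ECDSA as the faster option. I would restore `#define DROPBEAR_ECDSA`, or, if disabling it is intended, say why in that comment and use the file's `/* */` style rather than `//`. Separately, in the second hunk the reworded comment calls group1 too small for security while `#define DROPBEAR_DH_GROUP1 1` keeps it enabled by default; consider defaulting it to `0` so that legacy compatibility is an explicit opt-in.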