comparison options.h @ 292:64abb124763d insecure-nocrypto

propagate from branch 'au.asn.ucc.matt.dropbear' (head 7ad1775ed65e75dbece27fe6b65bf1a234db386a) to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 88ed2b94d9bfec9a4f661caf592ed01da5eb3b6a)
author Matt Johnston <matt@ucc.asn.au>
date Fri, 10 Mar 2006 06:30:52 +0000
parents 55a99934db87 29afa62b5450
children 461c4b1fb35f
comparison
equal deleted inserted replaced
291:55a99934db87 292:64abb124763d
63 63
64 /* Encryption - at least one required. 64 /* Encryption - at least one required.
65 * RFC Draft requires 3DES and recommends AES128 for interoperability. 65 * RFC Draft requires 3DES and recommends AES128 for interoperability.
66 * Including multiple keysize variants the same cipher 66 * Including multiple keysize variants the same cipher
67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ 67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/
68 /*
68 #define DROPBEAR_AES128_CBC 69 #define DROPBEAR_AES128_CBC
69 #define DROPBEAR_3DES_CBC 70 #define DROPBEAR_3DES_CBC
70 #define DROPBEAR_AES256_CBC 71 #define DROPBEAR_AES256_CBC
71 #define DROPBEAR_BLOWFISH_CBC 72 #define DROPBEAR_BLOWFISH_CBC
72 #define DROPBEAR_TWOFISH256_CBC 73 #define DROPBEAR_TWOFISH256_CBC
73 #define DROPBEAR_TWOFISH128_CBC 74 #define DROPBEAR_TWOFISH128_CBC
75 */
76
77 /* You can compile with no encryption if you want. In some circumstances
78 * this could be safe securitywise, though make sure you know what
79 * you're doing. Anyone can see everything that goes over the wire, so
80 * the only safe auth method is public key. You'll have to disable all other
81 * ciphers above in the client if you want to use this, or implement cipher
82 * prioritisation in cli-runopts.
83 *
84 * The best way to do things is probably make normal compile of dropbear with all
85 * ciphers including "none" as the server, then recompile a special
86 * "dbclient-insecure" client. */
87 #define DROPBEAR_NONE_CIPHER
74 88
75 /* Message Integrity - at least one required. 89 /* Message Integrity - at least one required.
76 * RFC Draft requires sha1 and recommends sha1-96. 90 * RFC Draft requires sha1 and recommends sha1-96.
77 * sha1-96 may be of use for slow links, as it has a smaller overhead. 91 * sha1-96 may be of use for slow links, as it has a smaller overhead.
78 * 92 *
86 * which are not the standard form. */ 100 * which are not the standard form. */
87 #define DROPBEAR_SHA1_HMAC 101 #define DROPBEAR_SHA1_HMAC
88 #define DROPBEAR_SHA1_96_HMAC 102 #define DROPBEAR_SHA1_96_HMAC
89 #define DROPBEAR_MD5_HMAC 103 #define DROPBEAR_MD5_HMAC
90 104
105 /* You can also disable integrity. Don't bother disabling this if you're
106 * still using a cipher, it's relatively cheap. Don't disable this if you're
107 * using 'none' cipher, since it's dead simple to run arbitrary commands
108 * on the remote host. Go ahead. Hang yourself with your own rope. */
109 /*#define DROPBEAR_NONE_INTEGRITY*/
110
91 /* Hostkey/public key algorithms - at least one required, these are used 111 /* Hostkey/public key algorithms - at least one required, these are used
92 * for hostkey as well as for verifying signatures with pubkey auth. 112 * for hostkey as well as for verifying signatures with pubkey auth.
93 * Removing either of these won't save very much space. 113 * Removing either of these won't save very much space.
94 * SSH2 RFC Draft requires dss, recommends rsa */ 114 * SSH2 RFC Draft requires dss, recommends rsa */
95 #define DROPBEAR_RSA 115 #define DROPBEAR_RSA