comparison options.h @ 850:7507b174bba0 ecc
- Make curve25519 work after fixing a typo, interoperates with OpenSSH
- comment on ecc binary size effects
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 09 Nov 2013 00:02:26 +0800 |
parents | 754d7bee1068 |
children | c1c1b43f78c2 |
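--- a/options.h
+++ b/options.h
@@ -136,26 +136,28 @@
 * for hostkey as well as for verifying signatures with pubkey auth.
 * Removing either of these won't save very much space.
 * SSH2 RFC Draft requires dss, recommends rsa */
 #define DROPBEAR_RSA
 #define DROPBEAR_DSS
+/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
+* code (either ECDSA or ECDH) increases binary size - around 30kB
+* on x86-64 */
 #define DROPBEAR_ECDSA
 
 /* Generate hostkeys as-needed when the first connection using that key type occurs.
 This avoids the need to otherwise run "dropbearkey" and avoids some problems
-with badly seeded random devices when systems first boot.
+with badly seeded /dev/urandom when systems first boot.
 This also requires a runtime flag "-R". */
 #define DROPBEAR_DELAY_HOSTKEY
 
+/* Enable Curve25519 for key exchange. This is another elliptic
+* curve method with good security properties. Increases binary size
+* by ~10kB on x86-64 */
 #define DROPBEAR_CURVE25519
 
-/* RSA can be vulnerable to timing attacks which use the time required for
-* signing to guess the private key. Blinding avoids this attack, though makes
-* signing operations slightly slower. */
-#define RSA_BLINDING
-
-/* Enable elliptic curve Diffie Hellman key exchange */
+/* Enable elliptic curve Diffie Hellman key exchange, see note about
+* ECDSA above */
 #define DROPBEAR_ECDH
 
 /* Control the memory/performance/compression tradeoff for zlib.
 * Set windowBits=8 for least memory usage, see your system's
 * zlib.h for full details.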
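Review bot: The `#define RSA_BLINDING` block (old lines 151-154) is removed from options.h here, and neither the commit message nor this section says where the define lives afterwards. If the RSA signing code still guards blinding with `#ifdef RSA_BLINDING` and no other header defines it, builds from this revision would sign without blinding, reopening the timing side channel that the removed comment describes. Please confirm that the define now comes from another header, or that blinding is unconditional, and note it in the commit message. Otherwise restore `#define RSA_BLINDING` with its comment ahead of `#define DROPBEAR_ECDH`.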