Mercurial > dropbear
comparison options.h @ 710:91dd8328a3ff
Merge "none" cipher/MAC branch. Also adds sha256 and sha512
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 20 Mar 2013 22:41:07 +0800 |
| parents | 94aa1203be1e 983a817f8e41 |
| children | e22d5f5f6e37 |
comparison
equal
deleted
inserted
replaced
| 709:abd99ecd7ec2 | 710:91dd8328a3ff |
|---|---|
| 98 /* Enable "Counter Mode" for ciphers. This is more secure than normal | 98 /* Enable "Counter Mode" for ciphers. This is more secure than normal |
| 99 * CBC mode against certain attacks. This adds around 1kB to binary | 99 * CBC mode against certain attacks. This adds around 1kB to binary |
| 100 * size and is recommended for most cases */ | 100 * size and is recommended for most cases */ |
| 101 #define DROPBEAR_ENABLE_CTR_MODE | 101 #define DROPBEAR_ENABLE_CTR_MODE |
| 102 | 102 |
| 103 /* You can compile with no encryption if you want. In some circumstances | |
| 104 * this could be safe security-wise, though make sure you know what | |
| 105 * you're doing. Anyone can see everything that goes over the wire, so | |
| 106 * the only safe auth method is public key. */ | |
| 107 #define DROPBEAR_NONE_CIPHER | |
| 108 | |
| 103 /* Message Integrity - at least one required. | 109 /* Message Integrity - at least one required. |
| 104 * Protocol RFC requires sha1 and recommends sha1-96. | 110 * Protocol RFC requires sha1 and recommends sha1-96. |
| 105 * sha1-96 is of use for slow links as it has a smaller overhead. | 111 * sha1-96 is of use for slow links as it has a smaller overhead. |
| 106 * | 112 * |
| 107 * There's no reason to disable sha1 or sha1-96 to save space since it's | 113 * There's no reason to disable sha1 or sha1-96 to save space since it's |
| 110 * of the ssh protocol. | 116 * of the ssh protocol. |
| 111 * | 117 * |
| 112 * These hashes are also used for public key fingerprints in logs. | 118 * These hashes are also used for public key fingerprints in logs. |
| 113 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, | 119 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, |
| 114 * which are not the standard form. */ | 120 * which are not the standard form. */ |
| 115 | |
| 116 #define DROPBEAR_SHA1_HMAC | 121 #define DROPBEAR_SHA1_HMAC |
| 117 #define DROPBEAR_SHA1_96_HMAC | 122 #define DROPBEAR_SHA1_96_HMAC |
| 123 /*#define DROPBEAR_SHA2_256_HMAC*/ | |
| 124 /*#define DROPBEAR_SHA2_512_HMAC*/ | |
| 118 #define DROPBEAR_MD5_HMAC | 125 #define DROPBEAR_MD5_HMAC |
| 126 | |
| 127 /* You can also disable integrity. Don't bother disabling this if you're | |
| 128 * still using a cipher, it's relatively cheap. If you disable this it's dead | |
| 129 * simple to run arbitrary commands on the remote host. Beware. | |
| 130 * Note again, for the client you will have to disable other hashes above | |
| 131 * to use this. */ | |
| 132 #define DROPBEAR_NONE_INTEGRITY | |
| 119 | 133 |
| 120 /* Hostkey/public key algorithms - at least one required, these are used | 134 /* Hostkey/public key algorithms - at least one required, these are used |
| 121 * for hostkey as well as for verifying signatures with pubkey auth. | 135 * for hostkey as well as for verifying signatures with pubkey auth. |
| 122 * Removing either of these won't save very much space. | 136 * Removing either of these won't save very much space. |
| 123 * SSH2 RFC Draft requires dss, recommends rsa */ | 137 * SSH2 RFC Draft requires dss, recommends rsa */ |