Mercurial > dropbear

diff options.h @ 512:0129fd8ccc71 insecure-nocrypto

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update nocrypto branch to current head
author Matt Johnston <matt@ucc.asn.au>
date Thu, 06 Nov 2008 13:33:06 +0000
parents 582cb38e4eb5
children a4b7627b3157
line wrap: on
line diff
--- a/options.h	Thu Nov 06 13:16:55 2008 +0000
+++ b/options.h	Thu Nov 06 13:33:06 2008 +0000
@@ -82,17 +82,15 @@
  * Protocol RFC requires 3DES and recommends AES128 for interoperability.
  * Including multiple keysize variants the same cipher 
  * (eg AES256 as well as AES128) will result in a minimal size increase.*/
+/*
 #define DROPBEAR_AES128
 #define DROPBEAR_3DES
 #define DROPBEAR_AES256
 #define DROPBEAR_BLOWFISH
 #define DROPBEAR_TWOFISH256
 #define DROPBEAR_TWOFISH128
+*/
 
-/* Enable "Counter Mode" for ciphers. This is more secure than normal
- * CBC mode against certain attacks. This adds around 1kB to binary 
- * size and is recommended for most cases */
-#define DROPBEAR_ENABLE_CTR_MODE
 /* You can compile with no encryption if you want. In some circumstances
  * this could be safe securitywise, though make sure you know what
  * you're doing. Anyone can see everything that goes over the wire, so
@@ -105,6 +103,11 @@
  * "dbclient-insecure" client. */
 #define DROPBEAR_NONE_CIPHER
 
+/* Enable "Counter Mode" for ciphers. This is more secure than normal
+ * CBC mode against certain attacks. This adds around 1kB to binary 
+ * size and is recommended for most cases */
+#define DROPBEAR_ENABLE_CTR_MODE
+
 /* Message Integrity - at least one required.
  * Protocol RFC requires sha1 and recommends sha1-96.
  * sha1-96 may be of use for slow links, as it has a smaller overhead.
@@ -117,15 +120,19 @@
  * These hashes are also used for public key fingerprints in logs.
  * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
  * which are not the standard form. */
+/*
 #define DROPBEAR_SHA1_HMAC
 #define DROPBEAR_SHA1_96_HMAC
 #define DROPBEAR_MD5_HMAC
+*/
 
 /* You can also disable integrity. Don't bother disabling this if you're
  * still using a cipher, it's relatively cheap. Don't disable this if you're
  * using 'none' cipher, since it's dead simple to run arbitrary commands
- * on the remote host. Beware. */
-/*#define DROPBEAR_NONE_INTEGRITY*/
+ * on the remote host. Beware.
+ * Note again, for the client you will have to disable other hashes above
+ * to use this. */
+#define DROPBEAR_NONE_INTEGRITY
 
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.