Mercurial > dropbear
diff sysoptions.h @ 1831:0a3d02c66bf6
Comment on reason for DROPBEAR_MAX_PASSWORD_LEN limit
| author | Matt Johnston <matt@codeconstruct.com.au> |
|---|---|
| date | Tue, 12 Oct 2021 21:29:25 +0800 |
| parents | 4b984c42372d |
| children | a974a80f5f44 |
line wrap: on
line diff
--- a/sysoptions.h Mon Oct 11 15:46:49 2021 +0800 +++ b/sysoptions.h Tue Oct 12 21:29:25 2021 +0800 @@ -86,6 +86,12 @@ /* Required for pubkey auth */ #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT)) +/* crypt(password) must take less time than the auth failure delay + (250ms set in svr-auth.c). On Linux the delay depends on + password length, 100 characters here was empirically derived. + + If a longer password is allowed Dropbear cannot compensate + for the crypt time which will expose which usernames exist */ #define DROPBEAR_MAX_PASSWORD_LEN 100 #define SHA1_HASH_SIZE 20