Mercurial > dropbear
diff options.h @ 502:43bbe17d6ba0
- Add Counter Mode support
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 29 Sep 2008 13:53:31 +0000 |
| parents | f3ca5ebc319a |
| children | 0cdbc95bb3d2 |
line wrap: on
line diff
--- a/options.h Mon Sep 29 02:23:04 2008 +0000 +++ b/options.h Mon Sep 29 13:53:31 2008 +0000 @@ -75,18 +75,22 @@ /* Encryption - at least one required. - * RFC Draft requires 3DES and recommends AES128 for interoperability. + * Protocol RFC requires 3DES and recommends AES128 for interoperability. * Including multiple keysize variants the same cipher * (eg AES256 as well as AES128) will result in a minimal size increase.*/ -#define DROPBEAR_AES128_CBC -#define DROPBEAR_3DES_CBC -#define DROPBEAR_AES256_CBC -#define DROPBEAR_BLOWFISH_CBC -#define DROPBEAR_TWOFISH256_CBC -#define DROPBEAR_TWOFISH128_CBC +#define DROPBEAR_AES128 +#define DROPBEAR_3DES +#define DROPBEAR_AES256 +#define DROPBEAR_BLOWFISH +#define DROPBEAR_TWOFISH256 +#define DROPBEAR_TWOFISH128 + +/* Enable "Counter Mode" for ciphers. This is more secure than normal + * CBC mode against certain attacks. TODO how much size does it add? */ +#define DROPBEAR_ENABLE_CTR_MODE /* Message Integrity - at least one required. - * RFC Draft requires sha1 and recommends sha1-96. + * Protocol RFC requires sha1 and recommends sha1-96. * sha1-96 may be of use for slow links, as it has a smaller overhead. * * Note: there's no point disabling sha1 to save space, since it's used @@ -142,7 +146,7 @@ #define ENABLE_SVR_PASSWORD_AUTH /* PAM requires ./configure --enable-pam */ -/* #define ENABLE_SVR_PAM_AUTH */ +/*#define ENABLE_SVR_PAM_AUTH*/ #define ENABLE_SVR_PUBKEY_AUTH /* Wether to ake public key options in authorized_keys file into account */