Mercurial > dropbear
diff options.h @ 850:7507b174bba0 ecc
- Make curve25519 work after fixing a typo, interoperates with OpenSSH
- comment on ecc binary size effects
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 09 Nov 2013 00:02:26 +0800 |
| parents | 754d7bee1068 |
| children | c1c1b43f78c2 |
line wrap: on
line diff
--- a/options.h Fri Nov 08 23:32:13 2013 +0800 +++ b/options.h Sat Nov 09 00:02:26 2013 +0800 @@ -138,22 +138,24 @@ * SSH2 RFC Draft requires dss, recommends rsa */ #define DROPBEAR_RSA #define DROPBEAR_DSS +/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC + * code (either ECDSA or ECDH) increases binary size - around 30kB + * on x86-64 */ #define DROPBEAR_ECDSA /* Generate hostkeys as-needed when the first connection using that key type occurs. This avoids the need to otherwise run "dropbearkey" and avoids some problems - with badly seeded random devices when systems first boot. + with badly seeded /dev/urandom when systems first boot. This also requires a runtime flag "-R". */ #define DROPBEAR_DELAY_HOSTKEY +/* Enable Curve25519 for key exchange. This is another elliptic + * curve method with good security properties. Increases binary size + * by ~10kB on x86-64 */ #define DROPBEAR_CURVE25519 -/* RSA can be vulnerable to timing attacks which use the time required for - * signing to guess the private key. Blinding avoids this attack, though makes - * signing operations slightly slower. */ -#define RSA_BLINDING - -/* Enable elliptic curve Diffie Hellman key exchange */ +/* Enable elliptic curve Diffie Hellman key exchange, see note about + * ECDSA above */ #define DROPBEAR_ECDH /* Control the memory/performance/compression tradeoff for zlib.