diff options.h @ 681:a4b7627b3157 insecure-nocrypto

Update insecure-nocrypto to current head
author Matt Johnston <matt@ucc.asn.au>
date Wed, 16 May 2012 22:54:51 +0800
parents bd4b5d7886e5 0129fd8ccc71
children c37857676924
line wrap: on
line diff
--- a/options.h	Wed May 16 21:56:50 2012 +0800
+++ b/options.h	Wed May 16 22:54:51 2012 +0800
@@ -97,6 +97,18 @@
  * size and is recommended for most cases */
 #define DROPBEAR_ENABLE_CTR_MODE
 
+/* You can compile with no encryption if you want. In some circumstances
+ * this could be safe security-wise, though make sure you know what
+ * you're doing. Anyone can see everything that goes over the wire, so
+ * the only safe auth method is public key. You'll have to disable all other
+ * ciphers above in the client if you want to use this, or implement cipher
+ * prioritisation in cli-runopts.
+ *
+ * The best way to do things is probably make normal compile of dropbear with
+ * all ciphers including "none" as the server, then recompile a special
+ * "dbclient-insecure" client. */
+/* #define DROPBEAR_NONE_CIPHER */
+
 /* Message Integrity - at least one required.
  * Protocol RFC requires sha1 and recommends sha1-96.
  * sha1-96 is of use for slow links as it has a smaller overhead.
@@ -109,13 +121,19 @@
  * These hashes are also used for public key fingerprints in logs.
  * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
  * which are not the standard form. */
-
 #define DROPBEAR_SHA1_HMAC
 #define DROPBEAR_SHA1_96_HMAC
 /*#define DROPBEAR_SHA2_256_HMAC*/
 /*#define DROPBEAR_SHA2_512_HMAC*/
 #define DROPBEAR_MD5_HMAC
 
+/* You can also disable integrity. Don't bother disabling this if you're
+ * still using a cipher, it's relatively cheap. If you disable this it's dead
+ * simple to run arbitrary commands on the remote host. Beware.
+ * Note again, for the client you will have to disable other hashes above
+ * to use this. */
+/* #define DROPBEAR_NONE_INTEGRITY */
+
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
  * Removing either of these won't save very much space.