Mercurial > dropbear
view TODO @ 994:5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).
Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.
Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.
(github pull request #9)
author | Fedor Brunner <fedor.brunner@azet.sk> |
---|---|
date | Fri, 23 Jan 2015 23:00:25 +0800 |
parents | 0cbe8f6dbf9e |
children |
line wrap: on
line source
Current: Things which might need doing: - default private dbclient keys - Make options.h generated from configure perhaps? - handle /etc/environment in AIX - check that there aren't timing issues with valid/invalid user authentication feedback. - Binding to different interfaces - CTR mode - SSH_MSG_IGNORE sending to improve CBC security - DH Group Exchange possibly, or just add group14 (whatever it's called today) - fix scp.c for IRIX - Be able to use OpenSSH keys for the client? or at least have some form of encrypted keys. - Client agent forwarding - Handle restrictions in ~/.ssh/authorized_keys ?