Mercurial > dropbear
view crypto_desc.c @ 994:5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).
Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.
Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.
(github pull request #9)
| author | Fedor Brunner <fedor.brunner@azet.sk> |
|---|---|
| date | Fri, 23 Jan 2015 23:00:25 +0800 |
| parents | e465ed10c51d |
| children | 89555751c489 750ec4ec4cbe |
line wrap: on
line source
#include "includes.h" #include "dbutil.h" #include "crypto_desc.h" #include "ltc_prng.h" #include "ecc.h" #ifdef DROPBEAR_LTC_PRNG int dropbear_ltc_prng = -1; #endif /* Register the compiled in ciphers. * This should be run before using any of the ciphers/hashes */ void crypto_init() { const struct ltc_cipher_descriptor *regciphers[] = { #ifdef DROPBEAR_AES &aes_desc, #endif #ifdef DROPBEAR_BLOWFISH &blowfish_desc, #endif #ifdef DROPBEAR_TWOFISH &twofish_desc, #endif #ifdef DROPBEAR_3DES &des3_desc, #endif NULL }; const struct ltc_hash_descriptor *reghashes[] = { /* we need sha1 for hostkey stuff regardless */ &sha1_desc, #ifdef DROPBEAR_MD5_HMAC &md5_desc, #endif #ifdef DROPBEAR_SHA256 &sha256_desc, #endif #ifdef DROPBEAR_SHA384 &sha384_desc, #endif #ifdef DROPBEAR_SHA512 &sha512_desc, #endif NULL }; int i; for (i = 0; regciphers[i] != NULL; i++) { if (register_cipher(regciphers[i]) == -1) { dropbear_exit("Error registering crypto"); } } for (i = 0; reghashes[i] != NULL; i++) { if (register_hash(reghashes[i]) == -1) { dropbear_exit("Error registering crypto"); } } #ifdef DROPBEAR_LTC_PRNG dropbear_ltc_prng = register_prng(&dropbear_prng_desc); if (dropbear_ltc_prng == -1) { dropbear_exit("Error registering crypto"); } #endif #ifdef DROPBEAR_ECC ltc_mp = ltm_desc; dropbear_ecc_fill_dp(); #endif }