diff options
author | Matt Johnston <matt@ucc.asn.au> | 2013-11-09 00:02:26 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2013-11-09 00:02:26 +0800 |
commit | bacc14399c0d7af8470c79cad6179f6ce1e18582 (patch) | |
tree | 6cc893adfd3b9b85b65a5faae0ae78811feaa95b /options.h | |
parent | f6ba7a0dad0436877732b18b458c4d26f00125a0 (diff) | |
download | dropbear-bacc14399c0d7af8470c79cad6179f6ce1e18582.tar.gz |
- Make curve25519 work after fixing a typo, interoperates with OpenSSH
- comment on ecc binary size effects
Diffstat (limited to 'options.h')
-rw-r--r-- | options.h | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -138,22 +138,24 @@ much traffic. */ * SSH2 RFC Draft requires dss, recommends rsa */ #define DROPBEAR_RSA #define DROPBEAR_DSS +/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC + * code (either ECDSA or ECDH) increases binary size - around 30kB + * on x86-64 */ #define DROPBEAR_ECDSA /* Generate hostkeys as-needed when the first connection using that key type occurs. This avoids the need to otherwise run "dropbearkey" and avoids some problems - with badly seeded random devices when systems first boot. + with badly seeded /dev/urandom when systems first boot. This also requires a runtime flag "-R". */ #define DROPBEAR_DELAY_HOSTKEY +/* Enable Curve25519 for key exchange. This is another elliptic + * curve method with good security properties. Increases binary size + * by ~10kB on x86-64 */ #define DROPBEAR_CURVE25519 -/* RSA can be vulnerable to timing attacks which use the time required for - * signing to guess the private key. Blinding avoids this attack, though makes - * signing operations slightly slower. */ -#define RSA_BLINDING - -/* Enable elliptic curve Diffie Hellman key exchange */ +/* Enable elliptic curve Diffie Hellman key exchange, see note about + * ECDSA above */ #define DROPBEAR_ECDH /* Control the memory/performance/compression tradeoff for zlib. |