[Buildroot] [PATCH 2/3] dropbear: Add configuration options for security features

Sørensen, Stefan Stefan.Sorensen at spectralink.com
Thu Apr 19 07:57:29 UTC 2018


On Wed, 2018-04-18 at 23:58 +0200, Arnout Vandecappelle wrote:
> 
> On 18-04-18 16:24, Stefan Sørensen wrote:
> > 
> > These new options allow the selection of
> >   Ciphers (AES128, AES256, 3DES, BLowfish, Twofish128, Twofish256)
> >   Cipher modes (CBC, CTR)
> >   Integrity algorithms (SHA1, SHA1-96, SHA2-256, SHA2-512, MD5)
> >   Key exchange algorithms (RSA, DSS, ECDSA, Curve25519, ECDH)
> >   Authenticaton types (Password, Pubkey)
> > 
> > No defaults are changed.
> > 
> > Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
> > ---
>  package/dropbear/Config.in   | 163
> +++++++++++++++++++++++++++++++++++
>  Do we really want so many configuration options?

Yes, it is a lot of options. So what about:

   By default, enable the common and secure options (AES, CTR, SHA2,  
   ECDSA, Curve25519, Pubkey).

   Add an option to enable legacy/insecure options (3DES, CBC, SHA1-96, 
   MD5, RSA).

   Add an option to enable password authentication

   Drop Blowfish and Twofish configuration.


Stefan


More information about the buildroot mailing list