[Buildroot] [PATCH 2/3] dropbear: Add configuration options for security features
Sørensen, Stefan
Stefan.Sorensen at spectralink.com
Thu Apr 19 07:57:29 UTC 2018
On Wed, 2018-04-18 at 23:58 +0200, Arnout Vandecappelle wrote:
>
> On 18-04-18 16:24, Stefan Sørensen wrote:
> >
> > These new options allow the selection of
> > Ciphers (AES128, AES256, 3DES, BLowfish, Twofish128, Twofish256)
> > Cipher modes (CBC, CTR)
> > Integrity algorithms (SHA1, SHA1-96, SHA2-256, SHA2-512, MD5)
> > Key exchange algorithms (RSA, DSS, ECDSA, Curve25519, ECDH)
> > Authenticaton types (Password, Pubkey)
> >
> > No defaults are changed.
> >
> > Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
> > ---
> package/dropbear/Config.in | 163
> +++++++++++++++++++++++++++++++++++
> Do we really want so many configuration options?
Yes, it is a lot of options. So what about:
By default, enable the common and secure options (AES, CTR, SHA2,
ECDSA, Curve25519, Pubkey).
Add an option to enable legacy/insecure options (3DES, CBC, SHA1-96,
MD5, RSA).
Add an option to enable password authentication
Drop Blowfish and Twofish configuration.
Stefan
More information about the buildroot
mailing list