diff options
author | Marc Kleine-Budde <mkl@pengutronix.de> | 2009-03-03 17:08:15 +0000 |
---|---|---|
committer | Marc Kleine-Budde <mkl@pengutronix.de> | 2009-03-03 17:08:15 +0000 |
commit | 18994995680c1a864e55c2a4baa918df94814a54 (patch) | |
tree | 128b5060800130642f85ece6d8fbbdc606a99ab3 /rules/dropbear.in | |
parent | 2feeb9036de835db56feca375226e0b72a4cb6e6 (diff) | |
download | ptxdist-18994995680c1a864e55c2a4baa918df94814a54.tar.gz ptxdist-18994995680c1a864e55c2a4baa918df94814a54.tar.xz |
[dropbear] fix enabling/disabling of options
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
git-svn-id: https://svn.pengutronix.de/svn/ptxdist/trunks/ptxdist-trunk@9932 33e552b5-05e3-0310-8538-816dae2090ed
Diffstat (limited to 'rules/dropbear.in')
-rw-r--r-- | rules/dropbear.in | 63 |
1 files changed, 50 insertions, 13 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in index bd92c724a..f7e99a57f 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -128,17 +128,42 @@ config DROPBEAR_DIS_AGENT Authentication agent is a program to automatize the use of authentication private keys. -comment "Encryption, at least one required --- RFC Draft requires 3DES" +comment "Encryption, at least one required --- RFC Draft requires 3DES and recommends AES128" config DROPBEAR_AES128 bool prompt "AES 128" + default y + help + This Advanced Encryption Standard designed by Joan Daemen + and Vincent Rijmen, is a FIPS-approved symmetric encryption + algorithm that may be used by U.S. Government organizations + (and others) to protect sensitive information. + +config DROPBEAR_3DES + bool + prompt "3DES" + default y + help + DES is an IBM algorithm designed during the 1970s. + In 1976, NIST has officially adopted it as an encryption + algorithm for unclassified data. Since then, DES has + become one of the widely used block ciphers on the + market. As the effective key length of DES is a 56-bit, + a triple-DES was created. The new 3DES concept uses + three DES rounds to encrypt the DATA 3 times. + +config DROPBEAR_AES256 + bool + prompt "AES 256" + default y help This Advanced Encryption Standard designed by Joan Daemen and Vincent Rijmen, is a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information. + config DROPBEAR_BLOWFISH bool prompt "Blowfish" @@ -161,20 +186,19 @@ config DROPBEAR_TWOFISH128 bijective f function made by four key-dependent 8x8-bit S-boxes. -config DROPBEAR_3DES +config DROPBEAR_TWOFISH256 bool - prompt "3DES" - default y + prompt "Twofish256" help - DES is an IBM algorithm designed during the 1970s. - In 1976, NIST has officially adopted it as an encryption - algorithm for unclassified data. Since then, DES has - become one of the widely used block ciphers on the - market. As the effective key length of DES is a 56-bit, - a triple-DES was created. The new 3DES concept uses - three DES rounds to encrypt the DATA 3 times. + Another great algorithm designed by Bruce Schneier. + This block cipher was designed as a successor to + the 64-bit Blowfish block cipher. + Twofish combines a 16-round Feistel network with a + bijective f function made by four key-dependent + 8x8-bit S-boxes. -comment "Integrity, at least one required --- RFC Draft requires sha1-hmac" + +comment "Integrity, at least one required --- RFC Draft requires sha1-hmac and recommends sha1-96" config DROPBEAR_SHA1 bool @@ -189,6 +213,19 @@ config DROPBEAR_SHA1 Although slower than MD5, this larger digest size makes it stronger against brute force attacks. +config DROPBEAR_SHA1_96 + bool + prompt "sha1-96" + default y + help + The Secure Hash Algorithm (SHA) was developed by NIST and + is specified in the Secure Hash Standard (SHS, FIPS 180). + SHA-1 is a revision to this version and was published in + 1994. It is also described in the ANSI X9.30 (part 2) + standard. SHA-1 produces a 160-bit (20 byte) message digest. + Although slower than MD5, this larger digest size makes it + stronger against brute force attacks. + config DROPBEAR_MD5 bool prompt "md5" @@ -197,7 +234,7 @@ config DROPBEAR_MD5 Its 128 bit (16 byte) message digest makes it a faster implementation than SHA-1. -comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss" +comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss, recommends rsa" config DROPBEAR_RSA bool |