Hi Oleg,

No experience with Dropbear, but I've used LibTomCrypt in a couple of
projects, and it rocks.

You can configure it to the level of paranoia you're comfortable with, e.g.,
scrubbing memory that contains keying material, etc. - the typical
security/performance and time/space tradeoffs.

Of course, having a solid crypto library is a necessary but *not* sufficient
condition for a secure application, as it's trivial to misuse crypto in a
way that leaves you totally insecure.

HTH,

        Rony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Oleg Goldshmidt
Sent: Thursday, July 17, 2008 1:42 PM
To: Linux-IL
Subject: Dropbear SSH

Hi everybody,

Does anyone have experience with DropBear SSH server/client
(http://matt.ucc.asn.au/dropbear/dropbear.html)? The context is an
embedded product with AMCC PPC460, Linux (say, 2.6.25 or later), and
busybox (1.10 or later) as the base, being defined/designed now. The
target audience is top tier customers, such as governments,
Fortune-whatever companies, major financial institutions, etc. SSH
access is essential (need ssh client, sshd, ssh-keygen, scp, whatever
dependencies there are).

Busybox does not provide SSH functionality by itself, and recommends
Dropbear (http://busybox.net/tinyutils.html). I would like to be quite
sure that DropBear has the functionality and the security that the
target market requires.

So far, what I see in the docs is as follows:

* Judging by Changelog, Dropbear is in version 0.51, and the
development is not very active. This may be because it is very stable
and very secure, or may be because there are not many development
resources.

* Uses LibTomCrypt rather than SSL - can anyone comment on
security/functionality?

I see my choices as DropBear vs. OpenSSH, compiled and linked for
busybox. I am not particularly concerned about CPU or RAM, but I have
a rather serious shortage of (flash) storage in the system. In our
estimate, OpenSSH will take at least 10 times more storage than
DropBear (between 1.2 and 1.5M rather than 110K Dropbear claims).

What I am interested to know is whether DropBear is a good substitute
for OpenSSH in terms of:

* functionality
* full compatibility
* security
* stability
* etc.

Any comments/experiences? Thanks a lot in advance,

-- 
Oleg Goldshmidt | [EMAIL PROTECTED]

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

