Matt Johnston
> I am actually interested in running dbclient non root, is there a possibility to do so?

dbclient can run as any user
Dropbear isn't using LTC's DER functions (can confirm by putting `#error nope` in `der_decode_utf8_string`). I don't mind cherry picking this in, but I don't think the extra patch on top...
I don't think merging the unused patch has much benefit in practice, I'll close this. @ynezz thanks for reporting it though, at least now there's a github issue for people...
CVE-2019-17362 is a vulnerability in libtomcrypt but not in Dropbear (or in Dropbear's use of libtomcrypt - the der routines are not used). Changing the unused code in Dropbear's copy...
This discussion is pretty tedious. Here isn't a newspaper comments page. [this was response to some now deleted rubbish comments] I'll be disabling the sha1 algos by default. I don't...
sha1 is now disabled by default in Dropbear 2025.87
Currently there isn't any way to limit that
For my use case the signed message I want to verify is not directly received on the wire - it's over a message constructed from a few sources (`session_identifier` binds...
Rebased to current main
Made a few fixes to docs/comments and the changelog