summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron Campbell <aaron@cvs.openbsd.org>1999-07-22 12:58:27 +0000
committerAaron Campbell <aaron@cvs.openbsd.org>1999-07-22 12:58:27 +0000
commit6293288d704cd87f71aec3d537107d1c7aae36b3 (patch)
treebe76a9b0bbd2488d52c47dea7dd630ebc83cabf1
parentce845f2561c51cf6487e611e02765d18f5262b4b (diff)
clearer description of DES and 3DES key requirements; deraadt@
-rw-r--r--share/man/man8/vpn.819
1 files changed, 10 insertions, 9 deletions
diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8
index d3a3fee4c03..107e784ad77 100644
--- a/share/man/man8/vpn.8
+++ b/share/man/man8/vpn.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: vpn.8,v 1.24 1999/07/22 08:03:52 deraadt Exp $
+.\" $OpenBSD: vpn.8,v 1.25 1999/07/22 12:58:26 aaron Exp $
.\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
@@ -45,17 +45,18 @@ is used to provide the necessary network-layer cryptographic services.
This document describes the configuration process for setting up a
.Nm VPN .
.Pp
-Briefly, creating a VPN consists of the following steps
+Briefly, creating a VPN consists of the following steps:
+.Pp
.Bl -enum -compact
.It
Choose a key exchange method: manual keyed or
-.Xr photurisd 8
+.Xr photurisd 8 .
.It
-Create a Security Association (SA) for each endpoint
+Create a Security Association (SA) for each endpoint.
.It
-Create the appropriate IPSec flows
+Create the appropriate IPSec flows.
.It
-Configure your firewall rules appropriately
+Configure your firewall rules appropriately.
.El
.Ss Choosing a key exchange method
There are currently two key exchange methods available:
@@ -103,9 +104,9 @@ Use of DES or SKIPJACK as an encryption algorithm is not recommended
Furthermore, recent attacks on SKIPJACK have shown severe weaknesses
in its structure.
.Pp
-Note that when using DES (or 3DES), the most significant bit of each
-byte is ignored. This means that 8 bytes are required to form a 56-bit
-DES key, and 24 bytes are required to form a 168 bit 3DES key.
+Note that DES requires 8 bytes to form a 56-bit key and 3DES requires 24 bytes
+to form its 168-bit key. This is because the most significant bit of each byte
+is ignored by both algorithms.
.Ss Enabling the Appropriate Kernel Operations
.Xr ipsec 4
operations must be first enabled using