author | Aaron Campbell <aaron@cvs.openbsd.org> | 1999-07-22 12:58:27 +0000 |
---|---|---|
committer | Aaron Campbell <aaron@cvs.openbsd.org> | 1999-07-22 12:58:27 +0000 |
commit | 6293288d704cd87f71aec3d537107d1c7aae36b3 | |
tree | be76a9b0bbd2488d52c47dea7dd630ebc83cabf1 | |
parent | ce845f2561c51cf6487e611e02765d18f5262b4b | |
clearer description of DES and 3DES key requirements; deraadt@
-rw-r--r-- | share/man/man8/vpn.8 | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8 index d3a3fee4c03..107e784ad77 100644 --- a/share/man/man8/vpn.8 +++ b/share/man/man8/vpn.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: vpn.8,v 1.24 1999/07/22 08:03:52 deraadt Exp $ +.\" $OpenBSD: vpn.8,v 1.25 1999/07/22 12:58:26 aaron Exp $ .\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -45,17 +45,18 @@ is used to provide the necessary network-layer cryptographic services. This document describes the configuration process for setting up a .Nm VPN . .Pp -Briefly, creating a VPN consists of the following steps +Briefly, creating a VPN consists of the following steps: +.Pp .Bl -enum -compact .It Choose a key exchange method: manual keyed or -.Xr photurisd 8 +.Xr photurisd 8 . .It -Create a Security Association (SA) for each endpoint +Create a Security Association (SA) for each endpoint. .It -Create the appropriate IPSec flows +Create the appropriate IPSec flows. .It -Configure your firewall rules appropriately +Configure your firewall rules appropriately. .El .Ss Choosing a key exchange method There are currently two key exchange methods available: @@ -103,9 +104,9 @@ Use of DES or SKIPJACK as an encryption algorithm is not recommended Furthermore, recent attacks on SKIPJACK have shown severe weaknesses in its structure. .Pp -Note that when using DES (or 3DES), the most significant bit of each -byte is ignored. This means that 8 bytes are required to form a 56-bit -DES key, and 24 bytes are required to form a 168 bit 3DES key. +Note that DES requires 8 bytes to form a 56-bit key and 3DES requires 24 bytes +to form its 168-bit key. This is because the most significant bit of each byte +is ignored by both algorithms. .Ss Enabling the Appropriate Kernel Operations .Xr ipsec 4 operations must be first enabled using |
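Review bot: In the hunk at -45,17 (the enumerated setup steps), the re-punctuated line "Create the appropriate IPSec flows." keeps the "IPSec" capitalization; the RFC spelling is "IPsec", and since this line is already being changed it could be corrected in the same pass. The unchanged first item, "manual keyed or", would also read better as "manual keying or" now that it is a full sentence ending in a period.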
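Review bot: In the hunk at -103,9 (the DES/3DES key note), the rewritten sentence still says "the most significant bit of each byte is ignored by both algorithms", but the bit DES does not use is the parity bit, which is the least significant bit of each key byte (bits 8, 16, ..., 64 in the FIPS 46 numbering). Suggest wording along the lines of "the least significant bit of each byte is a parity bit and is ignored by both algorithms", so that someone building an 8-byte or 24-byte key by hand knows which bits actually contribute. As a style point, the new text begins "This is because" in the middle of a source line; mdoc convention is to start each sentence on its own line.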