author | Hakan Olsson <ho@cvs.openbsd.org> | 2000-05-02 22:01:37 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2000-05-02 22:01:37 +0000 |
commit | be1a373a80da0464c6d65210ee342cbd9bc27769 | |
tree | 5b92bff783d8695bdf837058759c40200aef1a76 | |
parent | a8ced0c77938d43a2f60a078b4b9fbcc7bd2c3d3 | |
Revert to using perl in the random key generation examples as hexdump
doesn't always produce the same length output.
Also; 3DES key needs 24, not 20 bytes.
-rw-r--r-- | share/man/man8/vpn.8 | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8 index 2391babb6a3..d8916406962 100644 --- a/share/man/man8/vpn.8 +++ b/share/man/man8/vpn.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: vpn.8,v 1.36 2000/05/02 21:08:47 ho Exp $ +.\" $OpenBSD: vpn.8,v 1.37 2000/05/02 22:01:36 ho Exp $ .\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -122,7 +122,7 @@ is by using the .Xr random 4 device. To produce 160 bits (20 bytes) of randomness, for example, do a: .Bd -literal - /usr/sbin/openssl rand 20 | /usr/bin/hexdump -e \\"%02x\\" + openssl rand 20 | perl -pe 's/./unpack("H2",$&)/ges' .Ed .Pp Different cipher types may require different sized keys. @@ -301,12 +301,14 @@ To create a manual keyed VPN between two class C networks using .Pp .Bl -enum .It -Choose the shared secrets using a suitably random method: +Choose the shared secrets using a suitably random method. +The 3DES encryption key needs 192 bits (3x64), or 24 bytes. +The SHA-1 authentication key for needs 160 bits, or 20 bytes. .Pp .Bd -literal -# /usr/sbin/openssl rand 20 | /usr/bin/hexdump -e \\"%02x\\" > enc_key +# openssl rand 24 | perl -pe 's/./unpack("H2",$&)/ges' > enc_key -# /usr/sbin/openssl rand 20 | /usr/bin/hexdump -e \\"%02x\\" > auth_key +# openssl rand 20 | perl -pe 's/./unpack("H2",$&)/ges' > auth_key .Ed .Pp .It |
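Review bot: In the @@ -122,7 +122,7 hunk, the replacement line calls `openssl` and `perl` by bare name where the removed line used `/usr/sbin/openssl` and `/usr/bin/hexdump`, so the documented key-generation command now resolves through whatever PATH the administrator's shell has set. Consider keeping the absolute path to openssl, or state that the bare names are intentional. The perl expression is also dense for a man page: a sentence noting that it hex-encodes every input byte (the `s` modifier lets `.` match newline bytes as well) would tell readers that 20 random bytes always become 40 hex characters, which is the fixed-length property the commit message is after.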
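Review bot: In the @@ -301,12 +301,14 hunk, the added line `The SHA-1 authentication key for needs 160 bits, or 20 bytes.` has a stray "for" and should read "The SHA-1 authentication key needs 160 bits, or 20 bytes." The byte counts in the new text (24 and 20) do match the `openssl rand 24` and `openssl rand 20` commands that follow. Separately, both commands write key material through a plain `> enc_key` and `> auth_key` redirect, so the files take the permissions of the invoking shell's umask; if the surrounding steps do not already restrict that, a `umask 077` ahead of the two commands would be worth adding to the example.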