author Kjell Wooding <kjell@cvs.openbsd.org> 2002-06-10 15:42:25 +0000
committer Kjell Wooding <kjell@cvs.openbsd.org> 2002-06-10 15:42:25 +0000
commit a981103755027ffa59d42c6164b2d43707e41256
tree c4103ad0253419115f20f0f0aae2269025edded2 /sbin/ipsecadm
parent a63b8df8f2d911153cf51fdff3c419af21713ccd
save some entropy in random key generation. oked by angelos many moons ago
Diffstat (limited to 'sbin/ipsecadm')
-rw-r--r-- sbin/ipsecadm/ipsecadm.8 16
1 files changed, 9 insertions, 7 deletions
diff --git a/sbin/ipsecadm/ipsecadm.8 b/sbin/ipsecadm/ipsecadm.8
index f2a0325fb50..47a7ed9e8c5 100644
--- a/sbin/ipsecadm/ipsecadm.8
+++ b/sbin/ipsecadm/ipsecadm.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsecadm.8,v 1.50 2002/06/09 08:13:06 todd Exp $
+.\" $OpenBSD: ipsecadm.8,v 1.51 2002/06/10 15:42:24 kjell Exp $
.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
@@ -433,9 +433,10 @@ The
should be chosen in random (ideally, using some true-random source like
coin flipping).
It is very important that the key is not guessable.
-One practical way of generating keys is by using the
-.Xr random 4
-device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1)
+One practical way of generating 160-bit (20-byte) keys is as follows:
+.Bd -literal
+ $ openssl rand 20 | hexdump -e '20/1 "%02x"'
+.Ed
.It Fl keyfile
Read the key from a file.
May be used instead of the
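Review bot: The replacement text ahead of `.It Fl keyfile` fixes the key length at 160 bits, once in the sentence and again in both `20`s of the command, without saying that this is only one possible size. If the key this entry describes can have another length for other algorithms, state that the byte count given to `openssl rand` and the iteration count in the `hexdump` format must both be changed to match. The hunk also drops the `.Xr random 4` cross-reference; consider keeping a pointer to it so readers can still find the documentation for the underlying random source.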
@@ -455,9 +456,10 @@ The
should be chosen in random (ideally, using some true-random source like
coin flipping).
It is very important that the key is not guessable.
-One practical way of generating keys is by using the
-.Xr random 4
-device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1)
+One practical way of generating 160-bit (20-byte) keys is as follows:
+.Bd -literal
+ $ openssl rand 20 | hexdump -e '20/1 "%02x"'
+.Ed
.It Fl authkeyfile
Read the authkey from a file.
May be used instead of the
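Review bot: The three added lines ahead of `.It Fl authkeyfile` are a verbatim copy of the ones added in the previous hunk, so any later correction to the command has to be made in two places; consider giving the recipe once and referring to it from the second entry. In the command itself, the format string `'20/1 "%02x"'` ends without a newline, so the 40 hex digits run straight into the next shell prompt; a sentence saying that the output is a single 40-character hex string would help anyone copying it by hand.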