diff options
| author | Jason McIntyre <jmc@cvs.openbsd.org> | 2006-08-30 12:58:26 +0000 |
|---|---|---|
| committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2006-08-30 12:58:26 +0000 |
| commit | 8908381f57ff3bb627203343b886a40e8bc2c500 (patch) | |
| tree | 2dc19a44f85613fe663d0bb69825b89fbb5a9f2e /sbin/ipsecctl | |
| parent | 2c8eb1dc45e0453de62ecd525640ab3831ad31cf (diff) | |
better wording for the key generation section;
Diffstat (limited to 'sbin/ipsecctl')
| -rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index 9893f548413..5855d41024e 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.70 2006/08/30 12:54:57 jmc Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.71 2006/08/30 12:58:25 jmc Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -728,11 +728,14 @@ Different authentication types may also require different sized keys: .El .Pp It is very important that keys are not guessable. -One practical way of generating 160-bit (20-byte) keys is a follows: +One practical way of generating keys is to use +.Xr openssl 1 . +The following generates a 160-bit (20-byte) key: .Bd -literal -offset indent $ openssl rand 20 | hexdump -e '20/1 "%02x"' .Ed .Sh SEE ALSO +.Xr openssl 1 , .\".Xr ipcomp 4 , .Xr ipsec 4 , .Xr tcp 4 , |