-rw-r--r-- | sbin/ipsecadm/ipsecadm.1 | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/sbin/ipsecadm/ipsecadm.1 b/sbin/ipsecadm/ipsecadm.1 index 168293f3c2e..1cd81e0938e 100644 --- a/sbin/ipsecadm/ipsecadm.1 +++ b/sbin/ipsecadm/ipsecadm.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsecadm.1,v 1.2 1998/12/29 12:01:26 deraadt Exp $ +.\" $OpenBSD: ipsecadm.1,v 1.3 1999/02/05 02:01:43 angelos Exp $ .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -202,13 +202,16 @@ for .Nm des and .Nm 3des -is fixed to 8 and 24 respectivly. For other ciphers like +is fixed to 8 and 24 respectively. For other ciphers like .Nm cast or .Nm blf the key length can be variable. The .Nm key -should be given in hexadecimal digits. +should be given in hexadecimal digits. The +.Nm key +should be chosen in random (ideally, using some true-random source like +coin flipping). It is very important that the key is not guessable. .It authkey The secret key material used for authentication if additional authentication in new esp mode is required. For @@ -216,7 +219,10 @@ old or new ah the key material for authentication is passed with the .Nm key option. The .Nm key -should be given in hexadecimal digits. +should be given in hexadecimal digits. The +.Nm key +should be chosen in random (ideally, using some true-random source like +coin flipping). It is very important that the key is not guessable. .It iv The initialization vector used for encryption. In old esp mode you need to specify it as either four or eight byte long value. In new esp mode |
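Review bot: In the hunk at @@ -202,13 +202,16 @@, the added sentence says the key "should be chosen in random"; the idiom is "chosen at random". The parenthetical also gives coin flipping as the only example of a source, which is tedious for keys of the lengths this paragraph describes and leaves the reader to convert the result to hexadecimal. Consider stating that every hex digit must be generated independently, and pointing at a system-provided random source as the practical option, so that "not guessable" is something the reader can act on.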
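Review bot: In the hunk at @@ -216,7 +219,10 @@, the new sentences sit under ".It authkey" but refer to ".Nm key", so the randomness requirement reads as applying to the encryption key rather than to the authentication key this entry documents; name authkey in the added text. The wording is a verbatim copy of the sentences added under key, including "chosen in random" (should be "chosen at random"). Stating the requirement once and referring to it from both entries would keep the two from drifting apart.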