Add recommendation on password security to keyfile description

author Miroslav Lichvar <mlichvar@redhat.com>

Tue, 21 May 2013 12:02:45 +0000 (14:02 +0200)

committer Miroslav Lichvar <mlichvar@redhat.com>

Tue, 21 May 2013 12:02:45 +0000 (14:02 +0200)
author Miroslav Lichvar <mlichvar@redhat.com>
Tue, 21 May 2013 12:02:45 +0000 (14:02 +0200)
committer Miroslav Lichvar <mlichvar@redhat.com>
Tue, 21 May 2013 12:02:45 +0000 (14:02 +0200)
diff --git a/chrony.texi.in b/chrony.texi.in

index ce557cc0036ad57332f28f188eb7a94f3c1e995a..4ef8ecf937aec336edcda91945161649b50a941f 100644 (file)
--- a/chrony.texi.in
+++ b/chrony.texi.in
@@ -1755,6 +1755,10 @@ password can be encoded as a string of characters not containing a space with
  optional @code{ASCII:} prefix or as a hexadecimal number with @code{HEX:}
  prefix.
  
+For maximum security, it's recommended to use SHA1 or stronger hash function.
+The passwords should be random and they should be as long as the output size of
+the configured hash function, e.g. 160 bits with SHA1.
+
  The ID for the chronyc authentication key is specified with the commandkey
  command (see earlier). The command key can be generated automatically on
  start with the @code{generatecommandkey} directive.
author	Miroslav Lichvar <mlichvar@redhat.com>
	Tue, 21 May 2013 12:02:45 +0000 (14:02 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Tue, 21 May 2013 12:02:45 +0000 (14:02 +0200)