From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 21 May 2013 12:02:45 +0000 (+0200)
Subject: Add recommendation on password security to keyfile description
X-Git-Tag: 1.28-pre1~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d510154ba22fca35ff89db1ab03372db15871bd6;p=thirdparty%2Fchrony.git

Add recommendation on password security to keyfile description
---

diff --git a/chrony.texi.in b/chrony.texi.in
index ce557cc0..4ef8ecf9 100644
--- a/chrony.texi.in
+++ b/chrony.texi.in
@@ -1755,6 +1755,10 @@ password can be encoded as a string of characters not containing a space with
 optional @code{ASCII:} prefix or as a hexadecimal number with @code{HEX:}
 prefix.
 
+For maximum security, it's recommended to use SHA1 or stronger hash function.
+The passwords should be random and they should be as long as the output size of
+the configured hash function, e.g. 160 bits with SHA1.
+
 The ID for the chronyc authentication key is specified with the commandkey
 command (see earlier). The command key can be generated automatically on
 start with the @code{generatecommandkey} directive.