From a0c1696515fabd2183da7d8d83fd68410d2ec834 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 25 Mar 2002 15:12:09 +0000 Subject: [PATCH] Tell a little bit more about security. --- doc/tinc.texi | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 8f73e9f9..dfd11598 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +$Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +$Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -1673,8 +1673,13 @@ the tinc project after TINC. But in order to be ``immune'' to eavesdropping, you'll have to encrypt your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. -tinc uses blowfish encryption in CBC mode, sequence numbers and message authentication codes -to make sure eavesdroppers cannot get and cannot change any information at all from the packets they can intercept. +tinc by default uses blowfish encryption with 256 bit keys in CBC mode, 32 bit +sequence numbers and 4 byte long message authentication codes to make sure +eavesdroppers cannot get and cannot change any information at all from the +packets they can intercept. The encryption algorithm and message authentication +algorithm can be changed in the configuration. The length of the message +authentication codes is also adjustable. The length of the key for the +encryption algorithm is always the maximum length that is supported. @menu * Authentication protocol:: -- 2.20.1