manual: gcrypt updates.

This incudes libgcrypt in the remark on crypto security and
adds an external link to the libgcrypt web page.

diff --git a/web/manual.m4 b/web/manual.m4
index 2af59f5376b4ecfadc6ce12a38b5781698b276ce..3193a2f0ca6ef3901c8cb4c08e897d3e50c65dd3 100644 (file)
--- a/web/manual.m4
+++ b/web/manual.m4
@@ -214,11 +214,13 @@ In any case you'll need
        scripts which run during compilation require the EMPH(Bourne
        again shell).  It is most likely already installed.
 
        scripts which run during compilation require the EMPH(Bourne
        again shell).  It is most likely already installed.
 

-       - XREFERENCE(http://www.openssl.org/, openssl). The EMPH(Secure
-       Sockets Layer) library is needed for cryptographic routines
-       on both the server and the client side. It is usually shipped
-       with the distro, but you might have to install the "development
-       package" (called libssl-dev on debian systems) as well.
+       - XREFERENCE(http://www.openssl.org/, openssl) or
+       XREFERENCE(ftp://ftp.gnupg.org/gcrypt/libgcrypt/, libgcrypt).
+       At least one of these two libraries is needed as the backend
+       for cryptographic routines on both the server and the client
+       side. Both openssl and libgcrypt are usually shipped with the
+       distro, but you might have to install the development package
+       (libssl-dev or libgcrypt-dev on debian systems) as well.

 
        - XREFERENCE(ftp://ftp.gnu.org/pub/gnu/help2man, help2man)
        is used to create the man pages.
 
        - XREFERENCE(ftp://ftp.gnu.org/pub/gnu/help2man, help2man)
        is used to create the man pages.


@@ -526,10 +528,10 @@ as follows:
        this point on the communication is encrypted using the RC4
        stream cipher with the session key known to both peers.
 
        this point on the communication is encrypted using the RC4
        stream cipher with the session key known to both peers.
 

-paraslash relies on the quality of openssl's cryptographically strong
-pseudo-random bytes, on the security of the implementation of the
-openssl RSA and RC4 crypto routines and on the infeasibility to invert
-the SHA1 function.
+paraslash relies on the quality of the pseudo-random bytes provided
+by the crypto library (openssl or libgcrypt), on the security of
+the implementation of the RSA and RC4 crypto routines and on the
+infeasibility to invert the SHA1 function.

 
 Neither para_server or para_client create RSA keys on their own. This
 has to be done once for each user as sketched in REFERENCE(Quick start,
 
 Neither para_server or para_client create RSA keys on their own. This
 has to be done once for each user as sketched in REFERENCE(Quick start,