From 41b994c3243480f360fe9a2eadb32cc1fcf1239e Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Thu, 28 Apr 2011 02:35:16 +0200 Subject: [PATCH] manual: gcrypt updates. This incudes libgcrypt in the remark on crypto security and adds an external link to the libgcrypt web page. --- web/manual.m4 | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/web/manual.m4 b/web/manual.m4 index 2af59f53..3193a2f0 100644 --- a/web/manual.m4 +++ b/web/manual.m4 @@ -214,11 +214,13 @@ In any case you'll need scripts which run during compilation require the EMPH(Bourne again shell). It is most likely already installed. - - XREFERENCE(http://www.openssl.org/, openssl). The EMPH(Secure - Sockets Layer) library is needed for cryptographic routines - on both the server and the client side. It is usually shipped - with the distro, but you might have to install the "development - package" (called libssl-dev on debian systems) as well. + - XREFERENCE(http://www.openssl.org/, openssl) or + XREFERENCE(ftp://ftp.gnupg.org/gcrypt/libgcrypt/, libgcrypt). + At least one of these two libraries is needed as the backend + for cryptographic routines on both the server and the client + side. Both openssl and libgcrypt are usually shipped with the + distro, but you might have to install the development package + (libssl-dev or libgcrypt-dev on debian systems) as well. - XREFERENCE(ftp://ftp.gnu.org/pub/gnu/help2man, help2man) is used to create the man pages. @@ -526,10 +528,10 @@ as follows: this point on the communication is encrypted using the RC4 stream cipher with the session key known to both peers. -paraslash relies on the quality of openssl's cryptographically strong -pseudo-random bytes, on the security of the implementation of the -openssl RSA and RC4 crypto routines and on the infeasibility to invert -the SHA1 function. +paraslash relies on the quality of the pseudo-random bytes provided +by the crypto library (openssl or libgcrypt), on the security of +the implementation of the RSA and RC4 crypto routines and on the +infeasibility to invert the SHA1 function. Neither para_server or para_client create RSA keys on their own. This has to be done once for each user as sketched in REFERENCE(Quick start, -- 2.30.2