From 4e366d5048aeb92c190efa2102cc7ec59e0318fd Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 6 Dec 2001 16:43:21 +0000 Subject: [PATCH] - stevesk@cvs.openbsd.org 2001/11/21 18:49:14 [ssh-keygen.1] more on passphrase construction; ok markus@ --- ChangeLog | 5 ++++- ssh-keygen.1 | 10 +++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index c88aff274..f7d078a1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ - markus@cvs.openbsd.org 2001/11/21 15:51:24 [key.c] mem leak + - stevesk@cvs.openbsd.org 2001/11/21 18:49:14 + [ssh-keygen.1] + more on passphrase construction; ok markus@ 20011126 - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c, @@ -6945,4 +6948,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1673 2001/12/06 16:41:41 mouring Exp $ +$Id: ChangeLog,v 1.1674 2001/12/06 16:43:21 mouring Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 622cb5c99..d8baa43bc 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.50 2001/10/25 21:14:32 markus Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.51 2001/11/21 18:49:14 stevesk Exp $ .\" .\" -*- nroff -*- .\" @@ -111,10 +111,14 @@ The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. -Good passphrases are 10-30 characters long and are +A passphrase is similar to a password, except it can be a phrase with a +series of words, punctuation, numbers, whitespace, or any string of +characters you want. +Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per character, and provides very bad -passphrases). +passphrases), and contain a mix of upper and lowercase letters, +numbers, and non-alphanumeric characters. The passphrase can be changed later by using the .Fl p option.