From 9dc499f133042bb8ab6e2089db708be0d13733bf Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Wed, 14 Jun 2000 23:03:21 +0000 Subject: [PATCH] Updated to reflect the existence of the entropy API --- doc/misc/dnssec | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/doc/misc/dnssec b/doc/misc/dnssec index 949c44d822..392248a08d 100644 --- a/doc/misc/dnssec +++ b/doc/misc/dnssec @@ -15,11 +15,10 @@ The tools for generating DNSSEC keys and signatures are now in the bin/dnssec directory. Documentation for these programs can be found in doc/arm/Bv9ARM.4.html. -The random data used in generating DNSSEC keys and signatures -currently contains a significant pseudo-random component and is -therefore not cryptographically strong. We do not recommend that keys -generated by the key generation tools in this distribution be used in -production. +The random data used in generating DNSSEC keys and signatures comes from +/dev/random if the OS supports that. Otherwise, the DNSSEC tools must +be fed a file containing entropy/random data. Future releases will allow +entropy to be entered manually from the keyboard. Serving secure zones @@ -69,4 +68,4 @@ an update occurs. Advanced access control is possible using the "update-policy" statement in the zone definition. -$Id: dnssec,v 1.2 2000/05/23 16:41:25 gson Exp $ +$Id: dnssec,v 1.3 2000/06/14 23:03:21 bwelling Exp $