- stevesk@cvs.openbsd.org 2001/11/21 18:49:14
[ssh-keygen.1]
more on passphrase construction; ok markus@
diff --git a/ChangeLog b/ChangeLog
index c88aff2..f7d078a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,9 @@
- markus@cvs.openbsd.org 2001/11/21 15:51:24
[key.c]
mem leak
+ - stevesk@cvs.openbsd.org 2001/11/21 18:49:14
+ [ssh-keygen.1]
+ more on passphrase construction; ok markus@
20011126
- (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
@@ -6945,4 +6948,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1673 2001/12/06 16:41:41 mouring Exp $
+$Id: ChangeLog,v 1.1674 2001/12/06 16:43:21 mouring Exp $
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 622cb5c..d8baa43 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.50 2001/10/25 21:14:32 markus Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.51 2001/11/21 18:49:14 stevesk Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -111,10 +111,14 @@
The passphrase may be empty to indicate no passphrase
(host keys must have an empty passphrase), or it may be a string of
arbitrary length.
-Good passphrases are 10-30 characters long and are
+A passphrase is similar to a password, except it can be a phrase with a
+series of words, punctuation, numbers, whitespace, or any string of
+characters you want.
+Good passphrases are 10-30 characters long, are
not simple sentences or otherwise easily guessable (English
prose has only 1-2 bits of entropy per character, and provides very bad
-passphrases).
+passphrases), and contain a mix of upper and lowercase letters,
+numbers, and non-alphanumeric characters.
The passphrase can be changed later by using the
.Fl p
option.