[ViewVC] Diff of: cvs/gvpe/doc/gvpe.5.pod

Comparing gvpe/doc/gvpe.5.pod (file contents):
Revision 1.9 by pcg, Mon Sep 1 06:06:11 2008 UTC vs.
Revision 1.10 by root, Wed Jul 10 01:51:40 2013 UTC

 =back
 =head2 GVPE DESIGN GOALS
 =over 4
 =item SIMPLE DESIGN
 Cipher, HMAC algorithms and other key parameters must be selected
 at compile time - this makes it possible to only link in algorithms
 gvpe. MD4 has been broken and is quite insecure, though, so using another
 digest algorithm is recommended.
 =head2 MAXIMIZE SECURITY
-   ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1
+   ./configure --enable-hmac-length=16 --enable-rand-length=16 --enable-digest=sha384
 This uses a 16 byte HMAC checksum to authenticate packets (I guess 8-12
 would also be pretty secure ;) and will additionally prefix each packet
-with 8 bytes of random data. In the long run, people should move to
+with 16 bytes of random data.
-SHA-256 and beyond).
 In general, remember that AES-128 seems to be as secure but faster than
 AES-192 or AES-256, more randomness helps against sniffing and a longer
 HMAC helps against spoofing. MD4 is a fast digest, SHA1, RIPEMD160, SHA256
 are consecutively better, and Blowfish is a fast cipher (and also quite

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines