diff options
author | Toke Høiland-Jørgensen <toke@toke.dk> | 2021-04-14 21:39:43 +0200 |
---|---|---|
committer | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2021-06-06 16:28:18 +0200 |
commit | 35f88b305ab6a0e27b5ff1b445f63f544986e14e (patch) | |
tree | 76051c919ed62297191e1b18eab1525429b43068 /doc | |
parent | f1a824190c22f8159ad0f9378c2dd23e521eaf61 (diff) |
Nest: Allow specifying security keys as hex bytes as well as strings
Add support for specifying a password in hexadecimal format, The result
is the same whether a password is specified as a quoted string or a
hex-encoded byte string, this just makes it more convenient to input
high-entropy byte strings as MAC keys.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/bird.sgml | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml index bd1ed7ed..01725128 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -776,7 +776,7 @@ agreement"). protocol packets are processed in the local TX queues. This option is Linux specific. Default value is 7 (highest priority, privileged traffic). - <tag><label id="proto-pass">password "<m/password/" [ { <m>password options</m> } ]</tag> + <tag><label id="proto-pass">password "<m/password/" | <m/hex_key/ [ { <m>password options</m> } ] </tag> Specifies a password that can be used by the protocol as a shared secret key. Password option can be used more times to specify more passwords. If more passwords are specified, it is a protocol-dependent decision @@ -784,6 +784,11 @@ agreement"). authentication is enabled, authentication can be enabled by separate, protocol-dependent <cf/authentication/ option. + A password can also be specified as a hexadecimal key. <m/hex_key/ is a + sequence of hexadecimal digit pairs, optionally colon-separated. A key + specified this way must be at least 16 bytes (32 digits) long (although + specific algorithms can impose other restrictions). + This option is allowed in BFD, OSPF and RIP protocols. BGP has also <cf/password/ option, but it is slightly different and described separately. |