From: Sergey Matveev Date: Mon, 16 Mar 2015 09:50:36 +0000 (+0300) Subject: [DOC] Remark about good PRNG requirement X-Git-Tag: 2.3^2~20 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=f8c18d072e7693a06c023e97d7d4810209cb0ad2;p=govpn.git [DOC] Remark about good PRNG requirement Signed-off-by: Sergey Matveev --- diff --git a/doc/govpn.texi b/doc/govpn.texi index a7e32f1..333be6c 100644 --- a/doc/govpn.texi +++ b/doc/govpn.texi @@ -27,6 +27,7 @@ network (VPN) daemon, written entirely on Go programming language. * Overview:: * News:: * Getting and building source code:: +* Precautions:: * User manual:: * Developer manual:: * Reporting bugs:: @@ -156,6 +157,25 @@ directory: @include pubkey.texi +@node Precautions +@unnumbered Precautions + +The very important precaution is the @strong{cryptographically good} +pseudo random number generator. GoVPN uses native operating system PRNG +as entropy source. You have no way to check it's quality in closed +source code operating systems, so it is recommended not to use them if +you really needs security. Moreover it is possible that those OS leaks +information about possible PRNG states. And at least Apple OS X and +Microsoft Windows are already known to have weak CSPRNGs. + +GoVPN could use it's own PRNG implementation like Fortuna, but it is +much easier to use the right OS, to use free software. + +Also you should @strong{never} use one key for multiple clients. Salsa20 +encryption is randomized in each session, but it depends again on PRNG. +If it fails, produces equal values at least once, then all you traffic +related to that key could be decrypted. + @node User manual @unnumbered User manual
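Review bot: in the new Precautions node, the sentence "at least Apple OS X and Microsoft Windows are already known to have weak CSPRNGs" is a concrete security claim given without any reference; either cite the specific findings in the texinfo source or soften it to the auditability argument the preceding sentences already make (closed source cannot be checked), because an unsupported claim weakens the recommendation it is meant to support. The last paragraph should also state precisely what "produces equal values at least once" refers to (the per-session randomization of Salsa20, i.e. the same random value reused under the same key) and what an attacker then gains, rather than "all you traffic related to that key could be decrypted", so readers understand why sharing one key across clients enlarges that risk. Finally, fix the typos before merging: "check it's quality" -> "check its quality", "you really needs" -> "you really need", "GoVPN could use it's own PRNG" -> "GoVPN could use its own PRNG", "all you traffic" -> "all your traffic", and "to use the right OS, to use free software" reads better as "to use the right OS, i.e. free software".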