regen
This commit is contained in:
Automatic Updater
@@ -12,48 +12,50 @@
|
||||
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
.\" PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.\" $Id: isc-hmac-fixup.8,v 1.2 2010/01/07 23:48:53 tbox Exp $
|
||||
.\" $Id: isc-hmac-fixup.8,v 1.3 2010/01/08 01:14:07 tbox Exp $
|
||||
.\"
|
||||
.hy 0
|
||||
.ad l
|
||||
.\"Generated by db2man.xsl. Don't modify this, modify the source.
|
||||
.de Sh \" Subsection
|
||||
.br
|
||||
.if t .Sp
|
||||
.ne 5
|
||||
.PP
|
||||
\fB\\$1\fR
|
||||
.PP
|
||||
..
|
||||
.de Sp \" Vertical space (when we can't use .PP)
|
||||
.if t .sp .5v
|
||||
.if n .sp
|
||||
..
|
||||
.de Ip \" List item
|
||||
.br
|
||||
.ie \\n(.$>=3 .ne \\$3
|
||||
.el .ne 3
|
||||
.IP "\\$1" \\$2
|
||||
..
|
||||
.TH "ISC-HMAC-FIXUP" 1 "January 5, 2010" "" ""
|
||||
.SH NAME
|
||||
isc-hmac-fixup \- fixes HMAC keys generated by older versions of BIND
|
||||
.\" Title: isc\-hmac\-fixup
|
||||
.\" Author:
|
||||
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
|
||||
.\" Date: January 5, 2010
|
||||
.\" Manual: BIND9
|
||||
.\" Source: BIND9
|
||||
.\"
|
||||
.TH "ISC\-HMAC\-FIXUP" "1" "January 5, 2010" "BIND9" "BIND9"
|
||||
.\" disable hyphenation
|
||||
.nh
|
||||
.\" disable justification (adjust text to left margin only)
|
||||
.ad l
|
||||
.SH "NAME"
|
||||
isc\-hmac\-fixup \- fixes HMAC keys generated by older versions of BIND
|
||||
.SH "SYNOPSIS"
|
||||
.HP 15
|
||||
\fBisc\-hmac\-fixup\fR {\fIalgorithm\fR} {\fIsecret\fR}
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
Versions of BIND 9 up to and including BIND 9\&.6 had a bug causing HMAC\-SHA* TSIG keys which were longer than the digest length of the hash algorithm (i\&.e\&., SHA1 keys longer than 160 bits, SHA256 keys longer than 256 bits, etc) to be used incorrectly, generating a message authentication code that was incompatible with other DNS implementations\&.
|
||||
Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC\-SHA* TSIG keys which were longer than the digest length of the hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys longer than 256 bits, etc) to be used incorrectly, generating a message authentication code that was incompatible with other DNS implementations.
|
||||
.PP
|
||||
This bug has been fixed in BIND 9\&.7\&. However, the fix may cause incompatibility between older and newer versions of BIND, when using long keys\&. \fBisc\-hmac\-fixup\fR modifies those keys to restore compatibility\&.
|
||||
This bug has been fixed in BIND 9.7. However, the fix may cause incompatibility between older and newer versions of BIND, when using long keys.
|
||||
\fBisc\-hmac\-fixup\fR
|
||||
modifies those keys to restore compatibility.
|
||||
.PP
|
||||
To modify a key, run \fBisc\-hmac\-fixup\fR and specify the key's algorithm and secret on the command line\&. If the secret is longer than the digest length of the algorithm (64 bytes for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a new secret will be generated consisting of a hash digest of the old secret\&. (If the secret did not require conversion, then it will be printed without modification\&.)
|
||||
To modify a key, run
|
||||
\fBisc\-hmac\-fixup\fR
|
||||
and specify the key's algorithm and secret on the command line. If the secret is longer than the digest length of the algorithm (64 bytes for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a new secret will be generated consisting of a hash digest of the old secret. (If the secret did not require conversion, then it will be printed without modification.)
|
||||
.SH "SECURITY CONSIDERATIONS"
|
||||
.PP
|
||||
Secrets that have been converted by \fBisc\-hmac\-fixup\fR are shortened, but as this is how the HMAC protocol works in operation anyway, it does not affect security\&. RFC 2104 notes, "Keys longer than [the digest length] are acceptable but the extra length would not significantly increase the function strength\&."
|
||||
Secrets that have been converted by
|
||||
\fBisc\-hmac\-fixup\fR
|
||||
are shortened, but as this is how the HMAC protocol works in operation anyway, it does not affect security. RFC 2104 notes, "Keys longer than [the digest length] are acceptable but the extra length would not significantly increase the function strength."
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
BIND 9 Administrator Reference Manual, RFC 2104\&.
|
||||
BIND 9 Administrator Reference Manual,
|
||||
RFC 2104.
|
||||
.SH "AUTHOR"
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
|
||||
@@ -14,12 +14,12 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- $Id: isc-hmac-fixup.html,v 1.2 2010/01/07 23:48:53 tbox Exp $ -->
|
||||
<!-- $Id: isc-hmac-fixup.html,v 1.3 2010/01/08 01:14:07 tbox Exp $ -->
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>isc-hmac-fixup</title>
|
||||
<meta name="generator" content="DocBook XSL Stylesheets V1.67.2">
|
||||
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
|
||||
</head>
|
||||
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
|
||||
<a name="man.isc-hmac-fixup"></a><div class="titlepage"></div>
|
||||
@@ -32,7 +32,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id215034"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543351"></a><h2>DESCRIPTION</h2>
|
||||
<p>
|
||||
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
|
||||
HMAC-SHA* TSIG keys which were longer than the digest length of the
|
||||
@@ -58,7 +58,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id215065"></a><h2>SECURITY CONSIDERATIONS</h2>
|
||||
<a name="id2543374"></a><h2>SECURITY CONSIDERATIONS</h2>
|
||||
<p>
|
||||
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
|
||||
are shortened, but as this is how the HMAC protocol works in
|
||||
@@ -69,14 +69,14 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id215080"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2543388"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 2104</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id215096"></a><h2>AUTHOR</h2>
|
||||
<a name="id2543405"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user