X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/blobdiff_plain/b0bd3ddb6f640b58f72a4c8d9d240714773130e9..da24dfac28db6666718883a5619dc17c53e928a3:/doc/zcrypt.mdwn

diff --git a/doc/zcrypt.mdwn b/doc/zcrypt.mdwn
index ee75aa9..c4cb604 100644
--- a/doc/zcrypt.mdwn
+++ b/doc/zcrypt.mdwn
@@ -17,7 +17,7 @@ The main requirement for a `zcrypt`ed zephyr class is to distribute a key to all
 
 The first three lines create a directory to store the key, and set the permissions properly. You should replace `label` with an appropriate name; you may want to use something besides the class name in order to help keep the class name private. Subbing to the class will disclose traffic patterns and instances used, so you may want to use the traditional "secret class" (keeping the name secret) as a first line of defense, in addition to `zcrypt`.
 
-The last line creates the key, which should be a random byte string of at least 126 characters, none of which should be null or newlines.
+The last line creates the key, which should be a random byte string of at least 126 characters, none of which should be null or newlines. (Nulls and newlines terminate the key, so if `/dev/urandom` happens to give a null or newline early (which is certainly plausible) you could end up with a much weaker key than you expected.)
 
 ## Subbing to a `zcrypt`ed zephyr class