From d510154ba22fca35ff89db1ab03372db15871bd6 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 21 May 2013 14:02:45 +0200
Subject: [PATCH] Add recommendation on password security to keyfile
 description

---
 chrony.texi.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/chrony.texi.in b/chrony.texi.in
index ce557cc..4ef8ecf 100644
--- a/chrony.texi.in
+++ b/chrony.texi.in
@@ -1755,6 +1755,10 @@ password can be encoded as a string of characters not containing a space with
 optional @code{ASCII:} prefix or as a hexadecimal number with @code{HEX:}
 prefix.
 
+For maximum security, it's recommended to use SHA1 or stronger hash function.
+The passwords should be random and they should be as long as the output size of
+the configured hash function, e.g. 160 bits with SHA1.
+
 The ID for the chronyc authentication key is specified with the commandkey
 command (see earlier). The command key can be generated automatically on
 start with the @code{generatecommandkey} directive.