- We use passphrase authentication, so overall security fully depends on
its strength. You should use long, high-entropy passphrases.
Also remember to keep passphrase in temporary file and read it securely
as described in verifier.
- You must never use the same key for multiple clients.
- You must use cryptographically good pseudo random number
generator. By default we use default
crypto/rand library that
reads /dev/urandom source. Some GNU/Linux and FreeBSD systems
are rather good with this entropy source. Closed proprietary ones are
always not and you must use optional EGD feature with them.