version 1.13, 1998/02/23 21:46:03 |
version 1.14, 1998/02/24 00:26:51 |
|
|
So far random numbers are used in the following places<p> |
So far random numbers are used in the following places<p> |
|
|
<ul> |
<ul> |
<li>ports of a bound socket, |
<li>Dynamic sin_port allocation in bind(2). |
<li>PIDs of processes, |
<li>PIDs of processes. |
<li>RPC transaction IDs, |
<li>RPC transaction IDs (XID). |
<li>DNS Query-IDs, |
<li>NFS RPC transaction IDs (XID). |
<li>inode generation numbers and |
<li>DNS Query-IDs. |
<li>password salts. |
<li>Inode generation numbers, see getfh(2) and fsirand(8). |
|
<li>Timing perturbance in traceroute(1). |
|
<li>Stronger temporary names for mktemp(3) and mkstemp(3) |
|
<li>Randomness added to the TCP ISS value for protection against |
|
spoofing attacks. |
|
<li>To generate salts for the various password algorithms. |
|
<li>For generating fake S/Key challenges. |
</ul> |
</ul> |
|
|
<p> |
<p> |
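Review bot: In the new random-number list, "RPC transaction IDs (XID)." and "NFS RPC transaction IDs (XID)." read as the same item twice; say what distinguishes the two or merge them. "Timing perturbance in traceroute(1)" should read "Timing perturbation". The last two items ("To generate salts ...", "For generating fake S/Key challenges.") switch from noun phrases to purpose clauses, and the lead-in "So far random numbers are used in the following places" still ends without a colon.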
|
|
In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
e.g. |
e.g. |
<ul> |
<ul> |
<li>in S/Key to provide one time passwords, |
<li>In S/Key support to provide one time passwords. |
<li>in <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/> |
<li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/> |
IPSec or Photuris</a> to authenticate the data origin of packets |
IPSec or Photuris</a> to authenticate the data origin of packets |
and to ensure packet integrity. |
and to ensure packet integrity. |
|
<li>For FreeBSD-style MD5 passwords (not enabled by default). |
|
<li>For TCP SYN cookie support (not enabled by default). |
</ul> |
</ul> |
|
|
<p> |
<p> |
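Review bot: Both added items end in "(not enabled by default)" but neither says how the feature is turned on, and the TCP SYN cookie item does not say which of MD5, SHA1 or RIPEMD-160 it uses. Since the paragraph introduces these as uses of specific hash functions, name the hash and the option that enables each one. The lead-in also wants a comma after "In OpenBSD".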
|
|
OpenBSD provides transforms like DES and Blowfish for the kernel and userland |
OpenBSD provides transforms like DES and Blowfish for the kernel and userland |
programs, which are used in many places like |
programs, which are used in many places like |
<ul> |
<ul> |
<li>in libc for creating Blowfish passwords, |
<li>In libc for creating Blowfish passwords. |
<li>in <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>IPSec</a> |
<li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>IPSec</a> |
to provide confidentiality for the network layer, |
to provide confidentiality for the network layer. |
<li>in kerberized telnet, |
<li>In kerberized telnet. |
<li>in Photuris to protect the exchanged packet content. |
<li>In Photuris to protect the exchanged packet content. |
</ul> |
</ul> |
|
|
<p> |
<p> |
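Review bot: Capitalising "In" and ending every item with a period turns the list into standalone fragments, but the lead-in "which are used in many places like" is still an unfinished sentence that the old lowercase, comma-separated items were completing; end it with a colon or reword it. While these lines are being touched, quote the href value on the "IPSec" link, and confirm that a link labelled "IPSec" is meant to point at the Photuris URL.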