===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/crypto.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -c -r1.13 -r1.14
*** www/crypto.html	1998/02/23 21:46:03	1.13
--- www/crypto.html	1998/02/24 00:26:51	1.14
***************
*** 72,83 ****
  So far random numbers are used in the following places<p>
  
  <ul>
! <li>ports of a bound socket,
! <li>PIDs of processes,
! <li>RPC transaction IDs,
! <li>DNS Query-IDs,
! <li>inode generation numbers and
! <li>password salts.
  </ul>
  
  <p>
--- 72,89 ----
  So far random numbers are used in the following places<p>
  
  <ul>
! <li>Dynamic sin_port allocation in bind(2).
! <li>PIDs of processes.
! <li>RPC transaction IDs (XID).
! <li>NFS RPC transaction IDs (XID).
! <li>DNS Query-IDs.
! <li>Inode generation numbers, see getfh(2) and fsirand(8).
! <li>Timing perturbance in traceroute(1).
! <li>Stronger temporary names for mktemp(3) and mkstemp(3)
! <li>Randomness added to the TCP ISS value for protection against
! 	spoofing attacks.
! <li>To generate salts for the various password algorithms.
! <li>For generating fake S/Key challenges.
  </ul>
  
  <p>
***************
*** 94,103 ****
  In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions,
  e.g.
  <ul> 
! <li>in S/Key to provide one time passwords,
! <li>in <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>
  	IPSec or Photuris</a> to authenticate the data origin of packets
  	and to ensure packet integrity.
  </ul>
  
  <p>
--- 100,111 ----
  In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions,
  e.g.
  <ul> 
! <li>In S/Key support to provide one time passwords.
! <li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>
  	IPSec or Photuris</a> to authenticate the data origin of packets
  	and to ensure packet integrity.
+ <li>For FreeBSD-style MD5 passwords (not enabled by default).
+ <li>For TCP SYN cookie support (not enabled by default).
  </ul>
  
  <p>
***************
*** 111,121 ****
  OpenBSD provides transforms like DES and Blowfish for the kernel and userland
  programs, which are used in many places like
  <ul>
! <li>in libc for creating Blowfish passwords,
! <li>in <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>IPSec</a>
! 	to provide confidentiality for the network layer,
! <li>in kerberized telnet,
! <li>in Photuris to protect the exchanged packet content.
  </ul>
  
  <p>
--- 119,129 ----
  OpenBSD provides transforms like DES and Blowfish for the kernel and userland
  programs, which are used in many places like
  <ul>
! <li>In libc for creating Blowfish passwords.
! <li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>IPSec</a>
! 	to provide confidentiality for the network layer.
! <li>In kerberized telnet.
! <li>In Photuris to protect the exchanged packet content.
  </ul>
  
  <p>
***************
*** 123,129 ****
  <a href=/index.html><img src=/back.gif border=0 alt=OpenBSD></a>
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
  <br>
! <small>$OpenBSD: crypto.html,v 1.13 1998/02/23 21:46:03 deraadt Exp $</small>
  
  </body>
  </html>
--- 131,137 ----
  <a href=/index.html><img src=/back.gif border=0 alt=OpenBSD></a>
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
  <br>
! <small>$OpenBSD: crypto.html,v 1.14 1998/02/24 00:26:51 deraadt Exp $</small>
  
  </body>
  </html>