=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/crypto.html,v retrieving revision 1.9 retrieving revision 1.10 diff -c -r1.9 -r1.10 *** www/crypto.html 1998/02/21 00:43:42 1.9 --- www/crypto.html 1998/02/23 18:36:03 1.10 *************** *** 1,11 **** !
!
The Export Control
--- 16,21 ----
***************
*** 35,66 ****
We also require that such software is from a countries with useful export
licenses because we do not wish to break the laws of any country.
! We use strong and weak crypto in different parts of the system:
! When we make OpenBSD releases or snapshots we do our build processes
! in free countries to assure that the sources and binaries we provide
! to users are free of tainting. In the past our release binary builds
! have been done in Canada, Sweden, and Germany.
! When we make OpenBSD releases or snapshots we do our build processes
! in free countries to assure that the sources and binaries we provide
! to users are free of tainting. In the past our release binary builds
! have been done in Canada, Sweden, and Germany.
+ Today cryptography is an important mean for enhancing the security
+ of an operating system. The cryptography utilized in OpenBSD
+ can be classified into three different aspects:
+
+
+
!
+
+
+
+
+
!
!
! This site Copyright © 1996-1998 OpenBSD.
! $OpenBSD: crypto.html,v 1.9 1998/02/21 00:43:42 deraadt Exp $
!
!
!
--- 34,126 ----
We also require that such software is from a countries with useful export
licenses because we do not wish to break the laws of any country.
!
+
Pseudo Random Number Generators
+ A Pseudo Random Number Generator (PRNG) provides applications with a stream of
+ numbers which have certain important properties for system security:
!
+ Since a PRNG is normally just an algorithm where the same initial
+ starting values will yield the same output. On a multiuser operating
+ system there are many sources which allow seeding the PRNG with random
+ data. The OpenBSD kernel uses the mouse interrupt timing, network data
+ interrupt latency, inter-keypress timing and disk IO information to
+ fill an entropy pool. Random numbers are available for kernel
+ routines and are exported via devices to userland programs.
+ In OpenBSD random numbers are used in many places, such as
+
+
+ Cryptographic Hash Functions
+ A Hash Function compresses its input data to a string of
+ constant size. For a Cryptographic Hash Function it is infeasible to find
+
+
+
+ In OpenBSD MD5 and SHA1 are used as Cryptographic Hash Functions, e.g.
+
+
+
+ Cryptographic Transforms
+ Cryptographic Transforms are used to encrypt and decrypt data. There are
+ normally provided with an encryption key for data encryption and with a
+ decryption key for data decryption. The security of a Cryptographic Transform
+ should rely only on the keying material.
+
+ OpenBSD provides, e.g. DES and Blowfish encryption for the kernel and userland
+ programs, which are used, e.g.
+
+
+
+
!
! www@openbsd.org
!
! $OpenBSD: crypto.html,v 1.10 1998/02/23 18:36:03 deraadt Exp $
!