=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/crypto.html,v retrieving revision 1.9 retrieving revision 1.10 diff -c -r1.9 -r1.10 *** www/crypto.html 1998/02/21 00:43:42 1.9 --- www/crypto.html 1998/02/23 18:36:03 1.10 *************** *** 1,11 **** ! ! OpenBSD Cryptography ! ! --- 1,11 ---- ! ! Cryptography in OpenBSD ! ! *************** *** 16,22 ****

OpenBSD Cryptography

- The OpenBSD project is based in Canada.

The Export Control --- 16,21 ---- *************** *** 35,66 **** We also require that such software is from a countries with useful export licenses because we do not wish to break the laws of any country.

! We use strong and weak crypto in different parts of the system:

! When we make OpenBSD releases or snapshots we do our build processes ! in free countries to assure that the sources and binaries we provide ! to users are free of tainting. In the past our release binary builds ! have been done in Canada, Sweden, and Germany.

! ! This site Copyright © 1996-1998 OpenBSD.
! $OpenBSD: crypto.html,v 1.9 1998/02/21 00:43:42 deraadt Exp $ ! ! ! --- 34,126 ---- We also require that such software is from a countries with useful export licenses because we do not wish to break the laws of any country.

! When we make OpenBSD releases or snapshots we do our build processes ! in free countries to assure that the sources and binaries we provide ! to users are free of tainting. In the past our release binary builds ! have been done in Canada, Sweden, and Germany.

+ Today cryptography is an important mean for enhancing the security + of an operating system. The cryptography utilized in OpenBSD + can be classified into three different aspects:

+

+

+ +

Pseudo Random Number Generators

+ A Pseudo Random Number Generator (PRNG) provides applications with a stream of + numbers which have certain important properties for system security:

!

+ Since a PRNG is normally just an algorithm where the same initial + starting values will yield the same output. On a multiuser operating + system there are many sources which allow seeding the PRNG with random + data. The OpenBSD kernel uses the mouse interrupt timing, network data + interrupt latency, inter-keypress timing and disk IO information to + fill an entropy pool. Random numbers are available for kernel + routines and are exported via devices to userland programs. + In OpenBSD random numbers are used in many places, such as

+

+ +

+ +

Cryptographic Hash Functions

+ A Hash Function compresses its input data to a string of + constant size. For a Cryptographic Hash Function it is infeasible to find + + + In OpenBSD MD5 and SHA1 are used as Cryptographic Hash Functions, e.g. + + +

+ +

Cryptographic Transforms

+ Cryptographic Transforms are used to encrypt and decrypt data. There are + normally provided with an encryption key for data encryption and with a + decryption key for data decryption. The security of a Cryptographic Transform + should rely only on the keying material. + + OpenBSD provides, e.g. DES and Blowfish encryption for the kernel and userland + programs, which are used, e.g. + + +

! OpenBSD ! www@openbsd.org !
! $OpenBSD: crypto.html,v 1.10 1998/02/23 18:36:03 deraadt Exp $ ! !