version 1.127, 2004/03/24 23:36:26 |
version 1.128, 2004/12/22 02:08:59 |
|
|
</head> |
</head> |
|
|
<body bgcolor="#ffffff" text="#000000" link="#23238e"> |
<body bgcolor="#ffffff" text="#000000" link="#23238e"> |
<img align="left" alt="[OpenBSD]" height="166" width="197" SRC="images/blowfish-notext.jpg"> |
<img align="left" alt="[OpenBSD]" height="166" width="197" src="images/blowfish-notext.jpg"> |
<br> |
<br> |
<br> |
<br> |
<br> |
<br> |
|
|
<hr> |
<hr> |
|
|
<strong>Index</strong><br> |
<strong>Index</strong><br> |
<a href="#why">Why do we ship cryptography?</a>.<br> |
<a href="#why">Why do we ship cryptography?</a>.<br> |
<a href="#ssh">OpenSSH</a>.<br> |
<a href="#ssh">OpenSSH</a>.<br> |
<a href="#prng">Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
<a href="#prng">Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
<a href="#hash">Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
<a href="#hash">Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
<a href="#trans">Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
<a href="#trans">Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
|
|
|
|
As of the 2.6 release, OpenBSD contains |
As of the 2.6 release, OpenBSD contains |
<a href="http://www.openssh.com/">OpenSSH</a>, an absolutely free and |
<a href="http://www.openssh.com/">OpenSSH</a>, an absolutely free and |
patent unencumbered version of ssh. |
patent unencumbered version of ssh. |
<a href="http://www.openssh.com/">OpenSSH</a> interoperated with ssh |
<a href="http://www.openssh.com/">OpenSSH</a> interoperated with ssh |
version 1 and had many added features, |
version 1 and had many added features, |
<ul> |
<ul> |
|
|
<a name="prng"></a> |
<a name="prng"></a> |
<h3><font color="#e00000">Pseudo Random Number Generators</font></h3><p> |
<h3><font color="#e00000">Pseudo Random Number Generators</font></h3><p> |
|
|
A Pseudo Random Number Generator (PRNG) provides applications with a stream of |
A Pseudo Random Number Generator (PRNG) provides applications with a stream of |
numbers which have certain important properties for system security:<p> |
numbers which have certain important properties for system security:<p> |
|
|
<ul> |
<ul> |
|
|
|
|
In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
e.g:<p> |
e.g:<p> |
<ul> |
<ul> |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">S/Key(1)</a> |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">S/Key(1)</a> |
to provide one time passwords. |
to provide one time passwords. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">IPsec(4)</a> |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">IPsec(4)</a> |
|
|
<li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ises&sektion=4"> |
<li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ises&sektion=4"> |
Securealink PCC-ISES</a></b><br> |
Securealink PCC-ISES</a></b><br> |
The <a href="http://www.safenet-inc.com/technology/chips/safexcel_ises.asp"> |
The <a href="http://www.safenet-inc.com/technology/chips/safexcel_ises.asp"> |
PCC-ISES</a> is a new chipset from the Netherlands. We have received |
PCC-ISES</a> is a new chipset from the Netherlands. We have received |
sample hardware and documentation, and work on a driver is in progress. |
sample hardware and documentation, and work on a driver is in progress. |
At the moment, the driver is capable of feeding random numbers into |
At the moment, the driver is capable of feeding random numbers into |
the kernel entropy pool. |
the kernel entropy pool. |
<p> |
<p> |
|
|
|
|
<li>Encrypting Virtual Memory.<br> |
<li>Encrypting Virtual Memory.<br> |
<a href="events.html#sec2000">Usenix Security 2000</a>, |
<a href="events.html#sec2000">Usenix Security 2000</a>, |
<a href="mailto:provos@openbsd.org">Niels Provos</a>.<br> |
<a href="mailto:provos@openbsd.org">Niels Provos</a>.<br> |
<a href="papers/swapencrypt.ps">paper</a> and |
<a href="papers/swapencrypt.ps">paper</a> and |
<a href="papers/swapencrypt-slides.ps">slides</a>. |
<a href="papers/swapencrypt-slides.ps">slides</a>. |
<p> |
<p> |
<li>The Design of the OpenBSD Cryptographic Framework.<br> |
<li>The Design of the OpenBSD Cryptographic Framework.<br> |