| version 1.13, 1998/02/23 21:46:03 |
version 1.14, 1998/02/24 00:26:51 |
|
|
| So far random numbers are used in the following places<p> |
So far random numbers are used in the following places<p> |
| |
|
| <ul> |
<ul> |
| <li>ports of a bound socket, |
<li>Dynamic sin_port allocation in bind(2). |
| <li>PIDs of processes, |
<li>PIDs of processes. |
| <li>RPC transaction IDs, |
<li>RPC transaction IDs (XID). |
| <li>DNS Query-IDs, |
<li>NFS RPC transaction IDs (XID). |
| <li>inode generation numbers and |
<li>DNS Query-IDs. |
| <li>password salts. |
<li>Inode generation numbers, see getfh(2) and fsirand(8). |
| |
<li>Timing perturbance in traceroute(1). |
| |
<li>Stronger temporary names for mktemp(3) and mkstemp(3) |
| |
<li>Randomness added to the TCP ISS value for protection against |
| |
spoofing attacks. |
| |
<li>To generate salts for the various password algorithms. |
| |
<li>For generating fake S/Key challenges. |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
|
|
| In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
| e.g. |
e.g. |
| <ul> |
<ul> |
| <li>in S/Key to provide one time passwords, |
<li>In S/Key support to provide one time passwords. |
| <li>in <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/> |
<li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/> |
| IPSec or Photuris</a> to authenticate the data origin of packets |
IPSec or Photuris</a> to authenticate the data origin of packets |
| and to ensure packet integrity. |
and to ensure packet integrity. |
| |
<li>For FreeBSD-style MD5 passwords (not enabled by default). |
| |
<li>For TCP SYN cookie support (not enabled by default). |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
|
|
| OpenBSD provides transforms like DES and Blowfish for the kernel and userland |
OpenBSD provides transforms like DES and Blowfish for the kernel and userland |
| programs, which are used in many places like |
programs, which are used in many places like |
| <ul> |
<ul> |
| <li>in libc for creating Blowfish passwords, |
<li>In libc for creating Blowfish passwords. |
| <li>in <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>IPSec</a> |
<li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>IPSec</a> |
| to provide confidentiality for the network layer, |
to provide confidentiality for the network layer. |
| <li>in kerberized telnet, |
<li>In kerberized telnet. |
| <li>in Photuris to protect the exchanged packet content. |
<li>In Photuris to protect the exchanged packet content. |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to crypto.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www