version 1.139, 2014/03/11 07:02:06 |
version 1.140, 2014/03/28 04:13:10 |
|
|
<h2><font color="#e00000">Cryptography</font></h2> |
<h2><font color="#e00000">Cryptography</font></h2> |
<hr> |
<hr> |
|
|
<img align="left" alt="[OpenBSD]" height="166" width="197" src="images/blowfish-notext.jpg"> |
|
<br> |
|
<br> |
|
<br> |
|
"The mantra of any good security engineer is: "Security is not a |
|
product, but a process." It's more than designing strong cryptography |
|
into a system; it's designing the entire system such that all security |
|
measures, including cryptography, work together."<br> |
|
<br> |
|
-- Bruce Schneier, author of "Applied Cryptography". |
|
<br clear="all"> |
|
<hr> |
|
|
|
<strong>Index</strong><br> |
|
<a href="#why">Why do we ship cryptography?</a>.<br> |
|
<a href="#ssh">OpenSSH</a>.<br> |
|
<a href="#prng">Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
|
<a href="#hash">Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
|
<a href="#trans">Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
|
<a href="#hardware">Cryptographic Hardware support</a><br> |
|
<a href="#people">International Cryptographers wanted</a><br> |
|
<a href="#papers">Further Reading</a><br> |
|
<p> |
|
<hr> |
|
|
|
<a name="why"></a> |
<a name="why"></a> |
<h3><font color="#e00000">Why do we ship cryptography?</font></h3><p> |
<h3><font color="#e00000">Why do we ship cryptography?</font></h3><p> |
|
|
|
|
extended to make use of Kerberos as well.<p> |
extended to make use of Kerberos as well.<p> |
|
|
|
|
<img align="right" src="images/vpnc-test-partner.gif" alt="VPNC TEST PARTNER"> |
|
OpenBSD was the first operating system to ship with an IPsec stack. |
OpenBSD was the first operating system to ship with an IPsec stack. |
We've been including IPsec since the OpenBSD 2.1 release in 1997. |
We've been including IPsec since the OpenBSD 2.1 release in 1997. |
Our fully conformant in-kernel IPsec stack, with hardware acceleration |
|
based on a number of cards, and our own free ISAKMP daemon, is used as |
|
one of the machines in the IPsec conformance testbed run by |
|
<a href="http://www.vpnc.org">VPNC</a>. |
|
<br clear="all"> |
|
<p> |
<p> |
|
|
Today cryptography is an important means for enhancing the <a |
Today cryptography is an important means for enhancing the |
href="security.html">security</a> of an operating system. The |
<a href="security.html">security</a> of an operating system. The |
cryptography utilized in OpenBSD can be classified into various |
cryptography utilized in OpenBSD can be classified into various |
aspects, described as follows.<p> |
aspects, described as follows. |
|
<p> |
|
|
<a name="ssh"></a> |
<a name="ssh"></a> |
<h3><font color="#e00000">OpenSSH</font></h3><p> |
<h3><font color="#e00000">OpenSSH</font></h3><p> |