| version 1.142, 2014/05/02 18:55:39 |
version 1.143, 2014/05/02 18:58:56 |
|
|
| We've been including IPsec since the OpenBSD 2.1 release in 1997. |
We've been including IPsec since the OpenBSD 2.1 release in 1997. |
| <p> |
<p> |
| |
|
| Today cryptography is an important means for enhancing the |
|
| <a href="security.html">security</a> of an operating system. The |
|
| cryptography utilized in OpenBSD can be classified into various |
|
| aspects, described as follows. |
|
| <p> |
|
| |
|
| <a name="ssh"></a> |
<a name="ssh"></a> |
| <h3><font color="#e00000">OpenSSH</font></h3><p> |
<h3><font color="#e00000">OpenSSH</font></h3><p> |
| |
|
|
|
| Roughly said, we took a free license release of ssh, OpenBSD-ifyed it. |
Roughly said, we took a free license release of ssh, OpenBSD-ifyed it. |
| About a year later, we extended OpenSSH to also do SSH 2 protocol, the |
About a year later, we extended OpenSSH to also do SSH 2 protocol, the |
| result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0. |
result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0. |
| |
|
| <a name="prng"></a> |
|
| <h3><font color="#e00000">Pseudo Random Number Generators</font></h3><p> |
|
| |
|
| A Pseudo Random Number Generator (PRNG) provides applications with a stream of |
|
| numbers which have certain important properties for system security:<p> |
|
| |
|
| <ul> |
|
| <li>It should be impossible for an outsider to predict the output of the |
|
| random number generator even with knowledge of previous output. |
|
| <li>The generated numbers should not have repeating patterns which means |
|
| the PRNG should have a very long cycle length. |
|
| </ul> |
|
| <p> |
|
| |
|
| A PRNG is normally just an algorithm where the same initial starting |
|
| values will yield the same sequence of outputs. On a multiuser |
|
| operating system there are many sources which allow seeding the PRNG |
|
| with random data. The OpenBSD kernel uses the mouse interrupt timing, |
|
| network data interrupt latency, inter-keypress timing and disk IO |
|
| information to fill an entropy pool. Random numbers are available for |
|
| kernel routines and are exported via devices to userland programs. |
|
| |
|
| <p> |
|
| <a name="hash"></a> |
|
| <h3><font color="#e00000">Cryptographic Hash Functions</font></h3><p> |
|
| |
|
| A Hash Function compresses its input data to a string of |
|
| constant size. For a Cryptographic Hash Function it is infeasible to find: |
|
| |
|
| <ul> |
|
| <li>two inputs which have the same output (collision resistant), |
|
| <li>a different input for a given input with the same output |
|
| (2nd preimage resistant). |
|
| </ul> |
|
| <p> |
|
| |
|
| <p> |
|
| <a name="trans"></a> |
|
| <h3><font color="#e00000">Cryptographic Transforms</font></h3><p> |
|
| |
|
| Cryptographic Transforms are used to encrypt and decrypt data. These |
|
| are normally used with an encryption key for data encryption and with |
|
| a decryption key for data decryption. The security of a Cryptographic |
|
| Transform should rely only on the keying material.<p> |
|
| |
|
| <p> |
<p> |
| <a name="people"></a> |
<a name="people"></a> |
![[BACK]](/icons/back.gif){kind=icon}
Return to crypto.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www