| version 1.153, 2017/06/26 17:18:57 |
version 1.154, 2019/05/27 22:55:19 |
|
|
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
| <html> |
<html lang=en> |
| <head> |
<meta charset=utf-8> |
| <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> |
|
| <meta name="copyright" content="This document copyright 1997-2016 by OpenBSD."> |
|
| <title>OpenBSD: Cryptography</title> |
<title>OpenBSD: Cryptography</title> |
| <meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
| <link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
| <link rel="canonical" href="https://www.openbsd.org/crypto.html"> |
<link rel="canonical" href="https://www.openbsd.org/crypto.html"> |
| </head> |
|
| |
|
| <body bgcolor="#ffffff" text="#000000" link="#23238E"> |
<style> |
| |
h3 { |
| |
color: var(--red); |
| |
} |
| |
</style> |
| |
|
| <h2> |
<h2 id=OpenBSD> |
| <a href="index.html"> |
<a href="index.html"> |
| <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
| <font color="#e00000">Cryptography</font> |
Cryptography |
| </h2> |
</h2> |
| |
|
| <hr> |
<hr> |
| |
|
| <a name="why"></a> |
<h3 id="why">Why do we ship cryptography?</h3> |
| <h3><font color="#e00000">Why do we ship cryptography?</font></h3><p> |
|
| |
|
| In three words: <strong>because we can</strong>.<p> |
<p> |
| |
In three words: <strong>because we can</strong>. |
| |
|
| The OpenBSD project is based in Canada.<p> |
<p> |
| |
The OpenBSD project is based in Canada. |
| |
|
| |
<p> |
| The <a href="ECL.html">Export Control List of Canada</a> |
The <a href="ECL.html">Export Control List of Canada</a> |
| places no significant restriction on the export of |
places no significant restriction on the export of |
| cryptographic software, and is even more explicit about the free |
cryptographic software, and is even more explicit about the free |
|
|
| done |
done |
| <a href="http://www.efc.ca/pages/doc/crypto-export.html"> |
<a href="http://www.efc.ca/pages/doc/crypto-export.html"> |
| some research to test the cryptographic laws</a>. |
some research to test the cryptographic laws</a>. |
| <p> |
|
| |
|
| |
<p> |
| Hence the OpenBSD project has embedded cryptography into numerous places |
Hence the OpenBSD project has embedded cryptography into numerous places |
| in the operating system. We require that the cryptographic software we |
in the operating system. We require that the cryptographic software we |
| use be <a href="policy.html">freely available and with good licenses</a>. |
use be <a href="policy.html">freely available and with good licenses</a>. |
| We do not directly use cryptography with nasty patents. |
We do not directly use cryptography with nasty patents. |
| We also require that such software is from countries with useful export |
We also require that such software is from countries with useful export |
| licenses because we do not wish to break the laws of any country. |
licenses because we do not wish to break the laws of any country. |
| <p> |
|
| |
|
| |
<p> |
| OpenBSD was the first operating system to ship with an IPsec stack. |
OpenBSD was the first operating system to ship with an IPsec stack. |
| We've been including IPsec since the OpenBSD 2.1 release in 1997. |
We've been including IPsec since the OpenBSD 2.1 release in 1997. |
| <p> |
|
| |
|
| <a name="ssh"></a> |
<h3 id="ssh">OpenSSH</h3> |
| <h3><font color="#e00000">OpenSSH</font></h3><p> |
|
| |
|
| |
<p> |
| As of the 2.6 release, OpenBSD contains |
As of the 2.6 release, OpenBSD contains |
| <a href="https://www.openssh.com/">OpenSSH</a>, an absolutely free and |
<a href="https://www.openssh.com/">OpenSSH</a>, an absolutely free and |
| patent unencumbered version of ssh. |
patent unencumbered version of ssh. |
|
|
| supported one-time password authentication with |
supported one-time password authentication with |
| <a href="https://man.openbsd.org/?query=skey&sektion=1">skey(1)</a>. |
<a href="https://man.openbsd.org/?query=skey&sektion=1">skey(1)</a>. |
| </ul> |
</ul> |
| <p> |
|
| |
|
| |
<p> |
| Roughly said, we took a free license release of ssh, OpenBSD-ifyed it. |
Roughly said, we took a free license release of ssh, OpenBSD-ifyed it. |
| About a year later, we extended OpenSSH to also do SSH 2 protocol, the |
About a year later, we extended OpenSSH to also do SSH 2 protocol, the |
| result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0. |
result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0. |
| |
|
| <p> |
<h3 id="people">International Cryptographers Wanted</h3> |
| <a name="people"></a> |
|
| <h3><font color="#e00000">International Cryptographers Wanted</font></h3><p> |
|
| |
|
| |
<p> |
| Of course, our project needs people to work on these systems. If any |
Of course, our project needs people to work on these systems. If any |
| non-American cryptographer who meets the constraints listed earlier is |
non-American cryptographer who meets the constraints listed earlier is |
| interested in helping out with embedded cryptography in OpenBSD, |
interested in helping out with embedded cryptography in OpenBSD, |
| please contact us.<p> |
please contact us. |
| |
|
| <p> |
<h3 id="papers">Further Reading</h3> |
| <a name="papers"></a> |
|
| <h3><font color="#e00000">Further Reading</font></h3><p> |
|
| |
|
| |
<p> |
| A number of papers have been written by OpenBSD team members, about |
A number of papers have been written by OpenBSD team members, about |
| cryptographic changes they have done in OpenBSD. The postscript |
cryptographic changes they have done in OpenBSD. The postscript |
| versions of these documents are available as follows.<p> |
versions of these documents are available as follows. |
| |
|
| <ul> |
<ul> |
| <li>A Future-Adaptable Password Scheme.<br> |
<li>A Future-Adaptable Password Scheme.<br> |
|
|
| <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br> |
<a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br> |
| <a href="papers/crypt-service.pdf">paper</a>. |
<a href="papers/crypt-service.pdf">paper</a>. |
| </ul> |
</ul> |
| |
|
| </body> |
|
| </html> |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to crypto.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www