version 1.153, 2017/06/26 17:18:57 |
version 1.154, 2019/05/27 22:55:19 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en> |
<head> |
<meta charset=utf-8> |
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> |
|
<meta name="copyright" content="This document copyright 1997-2016 by OpenBSD."> |
|
<title>OpenBSD: Cryptography</title> |
<title>OpenBSD: Cryptography</title> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/crypto.html"> |
<link rel="canonical" href="https://www.openbsd.org/crypto.html"> |
</head> |
|
|
|
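Review bot: the new `<meta charset=utf-8>` in the head changes only the declared encoding, replacing the old `charset=iso-8859-1` declaration. Confirm that the file is pure ASCII or was re-saved as UTF-8 in the same commit, otherwise any Latin-1 byte will be decoded incorrectly. The `copyright` meta line is also dropped with no replacement visible in this diff, so it is worth stating whether that is intentional.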
<body bgcolor="#ffffff" text="#000000" link="#23238E"> |
<style> |
|
h3 { |
|
color: var(--red); |
|
} |
|
</style> |
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">Cryptography</font> |
Cryptography |
</h2> |
</h2> |
|
|
<hr> |
<hr> |
|
|
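Review bot: `color: var(--red)` in the new inline `h3` rule has no fallback, so the heading colour depends on `--red` being defined in openbsd.css, which is not part of this diff. Consider `var(--red, #e00000)`, matching the value the removed `<font color="#e00000">` tags used, or move the rule into openbsd.css next to the variable definition.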
<a name="why"></a> |
<h3 id="why">Why do we ship cryptography?</h3> |
<h3><font color="#e00000">Why do we ship cryptography?</font></h3><p> |
|
|
|
In three words: <strong>because we can</strong>.<p> |
<p> |
|
In three words: <strong>because we can</strong>. |
|
|
The OpenBSD project is based in Canada.<p> |
<p> |
|
The OpenBSD project is based in Canada. |
|
|
|
<p> |
The <a href="ECL.html">Export Control List of Canada</a> |
The <a href="ECL.html">Export Control List of Canada</a> |
places no significant restriction on the export of |
places no significant restriction on the export of |
cryptographic software, and is even more explicit about the free |
cryptographic software, and is even more explicit about the free |
|
|
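Review bot: attribute quoting is inconsistent across the new lines. `id="why"` on this heading is quoted, while `lang=en`, `charset=utf-8` and `id=OpenBSD` earlier in the same change are not. Both forms are valid HTML5, but picking one keeps later edits and text searches over the site to a single pattern.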
done |
done |
<a href="http://www.efc.ca/pages/doc/crypto-export.html"> |
<a href="http://www.efc.ca/pages/doc/crypto-export.html"> |
some research to test the cryptographic laws</a>. |
some research to test the cryptographic laws</a>. |
<p> |
|
|
|
|
<p> |
Hence the OpenBSD project has embedded cryptography into numerous places |
Hence the OpenBSD project has embedded cryptography into numerous places |
in the operating system. We require that the cryptographic software we |
in the operating system. We require that the cryptographic software we |
use be <a href="policy.html">freely available and with good licenses</a>. |
use be <a href="policy.html">freely available and with good licenses</a>. |
We do not directly use cryptography with nasty patents. |
We do not directly use cryptography with nasty patents. |
We also require that such software is from countries with useful export |
We also require that such software is from countries with useful export |
licenses because we do not wish to break the laws of any country. |
licenses because we do not wish to break the laws of any country. |
<p> |
|
|
|
|
<p> |
OpenBSD was the first operating system to ship with an IPsec stack. |
OpenBSD was the first operating system to ship with an IPsec stack. |
We've been including IPsec since the OpenBSD 2.1 release in 1997. |
We've been including IPsec since the OpenBSD 2.1 release in 1997. |
<p> |
|
|
|
<a name="ssh"></a> |
<h3 id="ssh">OpenSSH</h3> |
<h3><font color="#e00000">OpenSSH</font></h3><p> |
|
|
|
|
<p> |
As of the 2.6 release, OpenBSD contains |
As of the 2.6 release, OpenBSD contains |
<a href="https://www.openssh.com/">OpenSSH</a>, an absolutely free and |
<a href="https://www.openssh.com/">OpenSSH</a>, an absolutely free and |
patent unencumbered version of ssh. |
patent unencumbered version of ssh. |
|
|
supported one-time password authentication with |
supported one-time password authentication with |
<a href="https://man.openbsd.org/?query=skey&sektion=1">skey(1)</a>. |
<a href="https://man.openbsd.org/?query=skey&sektion=1">skey(1)</a>. |
</ul> |
</ul> |
<p> |
|
|
|
|
<p> |
Roughly said, we took a free license release of ssh, OpenBSD-ifyed it. |
Roughly said, we took a free license release of ssh, OpenBSD-ifyed it. |
About a year later, we extended OpenSSH to also do SSH 2 protocol, the |
About a year later, we extended OpenSSH to also do SSH 2 protocol, the |
result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0. |
result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0. |
|
|
<p> |
<h3 id="people">International Cryptographers Wanted</h3> |
<a name="people"></a> |
|
<h3><font color="#e00000">International Cryptographers Wanted</font></h3><p> |
|
|
|
|
<p> |
Of course, our project needs people to work on these systems. If any |
Of course, our project needs people to work on these systems. If any |
non-American cryptographer who meets the constraints listed earlier is |
non-American cryptographer who meets the constraints listed earlier is |
interested in helping out with embedded cryptography in OpenBSD, |
interested in helping out with embedded cryptography in OpenBSD, |
please contact us.<p> |
please contact us. |
|
|
<p> |
<h3 id="papers">Further Reading</h3> |
<a name="papers"></a> |
|
<h3><font color="#e00000">Further Reading</font></h3><p> |
|
|
|
|
<p> |
A number of papers have been written by OpenBSD team members, about |
A number of papers have been written by OpenBSD team members, about |
cryptographic changes they have done in OpenBSD. The postscript |
cryptographic changes they have done in OpenBSD. The postscript |
versions of these documents are available as follows.<p> |
versions of these documents are available as follows. |
|
|
<ul> |
<ul> |
<li>A Future-Adaptable Password Scheme.<br> |
<li>A Future-Adaptable Password Scheme.<br> |
|
|
<a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br> |
<a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br> |
<a href="papers/crypt-service.pdf">paper</a>. |
<a href="papers/crypt-service.pdf">paper</a>. |
</ul> |
</ul> |
|
|
</body> |
|
</html> |
|