version 1.23, 1998/11/14 20:23:31 |
version 1.24, 1998/12/01 08:19:03 |
|
|
spoofing attacks. |
spoofing attacks. |
<li>To generate salts for the various password algorithms. |
<li>To generate salts for the various password algorithms. |
<li>For generating fake S/Key challenges. |
<li>For generating fake S/Key challenges. |
|
<li>In isakmpd to provide liveness proof of key exchanges. |
</ul> |
</ul> |
|
|
<p> |
<p> |
|
|
e.g. |
e.g. |
<ul> |
<ul> |
<li>In S/Key support to provide one time passwords. |
<li>In S/Key support to provide one time passwords. |
<li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/> |
<li>In IPsec, <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/> |
IPSec or Photuris</a> to authenticate the data origin of packets |
photurisd</a> and isakmpd to authenticate the data origin of packets |
and to ensure packet integrity. |
and to ensure packet integrity. |
<li>For FreeBSD-style MD5 passwords (not enabled by default). |
<li>For FreeBSD-style MD5 passwords (not enabled by default). |
<li>For TCP SYN cookie support (not enabled by default). |
<li>For TCP SYN cookie support (not enabled by default). |
|
<li>In libssl for digital signing of messages. |
</ul> |
</ul> |
|
|
<p> |
<p> |
|
|
a decryption key for data decryption. The security of a Cryptographic |
a decryption key for data decryption. The security of a Cryptographic |
Transform should rely only on the keying material.<p> |
Transform should rely only on the keying material.<p> |
|
|
OpenBSD provides transforms like DES and Blowfish for the kernel and userland |
OpenBSD provides transforms like DES, 3DES, Blowfish and Cast for the |
programs, which are used in many places like |
kernel and userland programs, which are used in many places like |
<ul> |
<ul> |
<li>In libc for creating Blowfish passwords. |
<li>In libc for creating Blowfish passwords. |
<li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>IPSec</a> |
<li>In IPsec to provide confidentiality for the network layer. |
to provide confidentiality for the network layer. |
|
<li>In kerberized telnet. |
<li>In kerberized telnet. |
<li>In Photuris to protect the exchanged packet content. |
<li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/> |
|
photurisd</a> and isakmpd to protect the exchanges where IPsec key |
|
material is negotiated. |
|
<li>In AFS to protect the messages passing over the network, providing |
|
confidentiality of remote filesystem access. |
|
<li>In libssl to let applications communicate over the de-facto standard |
|
cryptographically secure SSL protocol. |
</ul> |
</ul> |
|
|
<p> |
<p> |