| version 1.31, 1999/05/10 16:47:56 |
version 1.32, 1999/09/22 05:54:08 |
|
|
| |
|
| <img alt="[OpenBSD]" height=200 width=200 SRC="images/blowfish.jpg"> |
<img alt="[OpenBSD]" height=200 width=200 SRC="images/blowfish.jpg"> |
| |
|
| |
<h3><font color=#e00000><strong>Cryptography</strong></font></h3> |
| |
<hr> |
| |
|
| |
<strong>Index</strong><br> |
| |
<a href=#why>Why do we ship cryptography?</a>.<br> |
| |
<a href=#disclosure>Full Disclosure policy</a>.<br> |
| |
<a href=#process>Source code auditing process</a>.<br> |
| |
|
| |
<a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
| |
<a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
| |
<a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
| |
|
| |
<a href=#people>International Cryptographers wanted</a><br> |
| <p> |
<p> |
| <h3><font color=#e00000><strong>OpenBSD Cryptography</strong></font></h3> |
<hr> |
| |
|
| |
<dl> |
| |
<a name=why></a> |
| |
<li><h3><font color=#e00000><strong>Why do we ship cryptography?</strong></font></h3><p> |
| |
|
| |
In three words: <strong>because we can</strong>.<p> |
| |
|
| The OpenBSD project is based in Canada.<p> |
The OpenBSD project is based in Canada.<p> |
| |
|
| The <a href=ECL.html>Export Control List of Canada</a> |
The <a href=ECL.html>Export Control List of Canada</a> |
|
|
| Hence the OpenBSD project has embedded cryptography into numerous places |
Hence the OpenBSD project has embedded cryptography into numerous places |
| in the operating system. We require that the cryptographic software we |
in the operating system. We require that the cryptographic software we |
| use be <a href=policy.html>freely available and with good licenses</a>. |
use be <a href=policy.html>freely available and with good licenses</a>. |
| We do not use cryptography with nasty patents. |
We do not directly use cryptography with nasty patents. |
| We also require that such software is from countries with useful export |
We also require that such software is from countries with useful export |
| licenses because we do not wish to break the laws of any country. |
licenses because we do not wish to break the laws of any country. |
| The cryptographic software components which we use currently were |
The cryptographic software components which we use currently were |
|
|
| cryptography utilized in OpenBSD can be classified into three |
cryptography utilized in OpenBSD can be classified into three |
| different aspects:<p> |
different aspects:<p> |
| |
|
| <ul> |
|
| <li><a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ... |
|
| <li><a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ... |
|
| <li><a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ... |
|
| </ul> |
|
| |
|
| <p> |
<p> |
| <a name=prng></a> |
<a name=prng></a> |
| <h3><font color=#e00000><strong>Pseudo Random Number Generators</strong></font></h3> |
<li><h3><font color=#e00000><strong>Pseudo Random Number Generators</strong></font></h3><p> |
| |
|
| A Pseudo Random Number Generator (PRNG) provides applications with a stream of |
A Pseudo Random Number Generator (PRNG) provides applications with a stream of |
| numbers which have certain important properties for system security:<p> |
numbers which have certain important properties for system security:<p> |
| |
|
|
|
| <li>The generated numbers should not have repeating patterns which means |
<li>The generated numbers should not have repeating patterns which means |
| the PRNG should have a very long cycle length. |
the PRNG should have a very long cycle length. |
| </ul> |
</ul> |
| |
<p> |
| |
|
| A PRNG is normally just an algorithm where the same initial starting |
A PRNG is normally just an algorithm where the same initial starting |
| values will yield the same sequence of outputs. On a multiuser |
values will yield the same sequence of outputs. On a multiuser |
|
|
| |
|
| <p> |
<p> |
| <a name=hash></a> |
<a name=hash></a> |
| <h3><font color=#e00000><strong>Cryptographic Hash Functions</strong></font></h3> |
<li><h3><font color=#e00000><strong>Cryptographic Hash Functions</strong></font></h3><p> |
| |
|
| A Hash Function compresses its input data to a string of |
A Hash Function compresses its input data to a string of |
| constant size. For a Cryptographic Hash Function it is infeasible to find |
constant size. For a Cryptographic Hash Function it is infeasible to find |
| <ul> |
<ul> |
|
|
| <li>a different input for a given input with the same output |
<li>a different input for a given input with the same output |
| (2nd preimage resistant). |
(2nd preimage resistant). |
| </ul> |
</ul> |
| |
<p> |
| |
|
| In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
| e.g. |
e.g. |
|
|
| options(4)</a> |
options(4)</a> |
| <li>In libssl for digital signing of messages. |
<li>In libssl for digital signing of messages. |
| </ul> |
</ul> |
| |
<p> |
| |
|
| <p> |
<p> |
| <a name=trans></a> |
<a name=trans></a> |
| <h3><font color=#e00000><strong>Cryptographic Transforms</strong></font></h3> |
<li><h3><font color=#e00000><strong>Cryptographic Transforms</strong></font></h3><p> |
| |
|
| Cryptographic Transforms are used to encrypt and decrypt data. These |
Cryptographic Transforms are used to encrypt and decrypt data. These |
| are normally used with an encryption key for data encryption and with |
are normally used with an encryption key for data encryption and with |
| a decryption key for data decryption. The security of a Cryptographic |
a decryption key for data decryption. The security of a Cryptographic |
|
|
| <li>In libssl to let applications communicate over the de-facto standard |
<li>In libssl to let applications communicate over the de-facto standard |
| cryptographically secure SSL protocol. |
cryptographically secure SSL protocol. |
| </ul> |
</ul> |
| |
|
| |
<p> |
| |
<a name=people></a> |
| |
<li><h3><font color=#e00000><strong>International Cryptographers Wanted</strong></font></h3><p> |
| |
|
| |
Of course, our project needs people to work on these systems. If any |
| |
non-American cryptographer who meets the constraints listed earlier is |
| |
interested in helping out with embedded cryptography in OpenBSD, |
| |
please contact us.<p> |
| |
|
| |
</dl> |
| |
|
| <p> |
<p> |
| <hr> |
<hr> |
![[BACK]](/icons/back.gif){kind=icon}
Return to crypto.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www