version 1.31, 1999/05/10 16:47:56 |
version 1.32, 1999/09/22 05:54:08 |
|
|
|
|
<img alt="[OpenBSD]" height=200 width=200 SRC="images/blowfish.jpg"> |
<img alt="[OpenBSD]" height=200 width=200 SRC="images/blowfish.jpg"> |
|
|
|
<h3><font color=#e00000><strong>Cryptography</strong></font></h3> |
|
<hr> |
|
|
|
<strong>Index</strong><br> |
|
<a href=#why>Why do we ship cryptography?</a>.<br> |
|
<a href=#disclosure>Full Disclosure policy</a>.<br> |
|
<a href=#process>Source code auditing process</a>.<br> |
|
|
|
<a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
|
<a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
|
<a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
|
|
|
<a href=#people>International Cryptographers wanted</a><br> |
<p> |
<p> |
<h3><font color=#e00000><strong>OpenBSD Cryptography</strong></font></h3> |
<hr> |
|
|
|
<dl> |
|
<a name=why></a> |
|
<li><h3><font color=#e00000><strong>Why do we ship cryptography?</strong></font></h3><p> |
|
|
|
In three words: <strong>because we can</strong>.<p> |
|
|
The OpenBSD project is based in Canada.<p> |
The OpenBSD project is based in Canada.<p> |
|
|
The <a href=ECL.html>Export Control List of Canada</a> |
The <a href=ECL.html>Export Control List of Canada</a> |
|
|
Hence the OpenBSD project has embedded cryptography into numerous places |
Hence the OpenBSD project has embedded cryptography into numerous places |
in the operating system. We require that the cryptographic software we |
in the operating system. We require that the cryptographic software we |
use be <a href=policy.html>freely available and with good licenses</a>. |
use be <a href=policy.html>freely available and with good licenses</a>. |
We do not use cryptography with nasty patents. |
We do not directly use cryptography with nasty patents. |
We also require that such software is from countries with useful export |
We also require that such software is from countries with useful export |
licenses because we do not wish to break the laws of any country. |
licenses because we do not wish to break the laws of any country. |
The cryptographic software components which we use currently were |
The cryptographic software components which we use currently were |
|
|
cryptography utilized in OpenBSD can be classified into three |
cryptography utilized in OpenBSD can be classified into three |
different aspects:<p> |
different aspects:<p> |
|
|
<ul> |
|
<li><a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ... |
|
<li><a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ... |
|
<li><a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ... |
|
</ul> |
|
|
|
<p> |
<p> |
<a name=prng></a> |
<a name=prng></a> |
<h3><font color=#e00000><strong>Pseudo Random Number Generators</strong></font></h3> |
<li><h3><font color=#e00000><strong>Pseudo Random Number Generators</strong></font></h3><p> |
|
|
A Pseudo Random Number Generator (PRNG) provides applications with a stream of |
A Pseudo Random Number Generator (PRNG) provides applications with a stream of |
numbers which have certain important properties for system security:<p> |
numbers which have certain important properties for system security:<p> |
|
|
|
|
<li>The generated numbers should not have repeating patterns which means |
<li>The generated numbers should not have repeating patterns which means |
the PRNG should have a very long cycle length. |
the PRNG should have a very long cycle length. |
</ul> |
</ul> |
|
<p> |
|
|
A PRNG is normally just an algorithm where the same initial starting |
A PRNG is normally just an algorithm where the same initial starting |
values will yield the same sequence of outputs. On a multiuser |
values will yield the same sequence of outputs. On a multiuser |
|
|
|
|
<p> |
<p> |
<a name=hash></a> |
<a name=hash></a> |
<h3><font color=#e00000><strong>Cryptographic Hash Functions</strong></font></h3> |
<li><h3><font color=#e00000><strong>Cryptographic Hash Functions</strong></font></h3><p> |
|
|
A Hash Function compresses its input data to a string of |
A Hash Function compresses its input data to a string of |
constant size. For a Cryptographic Hash Function it is infeasible to find |
constant size. For a Cryptographic Hash Function it is infeasible to find |
<ul> |
<ul> |
|
|
<li>a different input for a given input with the same output |
<li>a different input for a given input with the same output |
(2nd preimage resistant). |
(2nd preimage resistant). |
</ul> |
</ul> |
|
<p> |
|
|
In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, |
e.g. |
e.g. |
|
|
options(4)</a> |
options(4)</a> |
<li>In libssl for digital signing of messages. |
<li>In libssl for digital signing of messages. |
</ul> |
</ul> |
|
<p> |
|
|
<p> |
<p> |
<a name=trans></a> |
<a name=trans></a> |
<h3><font color=#e00000><strong>Cryptographic Transforms</strong></font></h3> |
<li><h3><font color=#e00000><strong>Cryptographic Transforms</strong></font></h3><p> |
|
|
Cryptographic Transforms are used to encrypt and decrypt data. These |
Cryptographic Transforms are used to encrypt and decrypt data. These |
are normally used with an encryption key for data encryption and with |
are normally used with an encryption key for data encryption and with |
a decryption key for data decryption. The security of a Cryptographic |
a decryption key for data decryption. The security of a Cryptographic |
|
|
<li>In libssl to let applications communicate over the de-facto standard |
<li>In libssl to let applications communicate over the de-facto standard |
cryptographically secure SSL protocol. |
cryptographically secure SSL protocol. |
</ul> |
</ul> |
|
|
|
<p> |
|
<a name=people></a> |
|
<li><h3><font color=#e00000><strong>International Cryptographers Wanted</strong></font></h3><p> |
|
|
|
Of course, our project needs people to work on these systems. If any |
|
non-American cryptographer who meets the constraints listed earlier is |
|
interested in helping out with embedded cryptography in OpenBSD, |
|
please contact us.<p> |
|
|
|
</dl> |
|
|
<p> |
<p> |
<hr> |
<hr> |