version 1.46, 1999/10/16 21:34:43 |
version 1.47, 1999/10/17 00:46:36 |
|
|
|
|
<strong>Index</strong><br> |
<strong>Index</strong><br> |
<a href=#why>Why do we ship cryptography?</a>.<br> |
<a href=#why>Why do we ship cryptography?</a>.<br> |
<a href=#ssh>SSH soon built in</a>.<br> |
<a href=#ssh>OpenSSH</a>.<br> |
<a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
<a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
<a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
<a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
<a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
<a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
|
|
aspects, described as follows.<p> |
aspects, described as follows.<p> |
|
|
<a name=ssh></a> |
<a name=ssh></a> |
<h3><font color=#e00000>SSH soon built in</font></h3><p> |
<h3><font color=#e00000>OpenSSH</font></h3><p> |
|
|
What is the first thing most people do after installing OpenBSD? |
What is the first thing most people do after installing OpenBSD? |
They install Secure Shell ( |
They install Secure Shell ( |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssh>ssh</a>) |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssh>ssh</a>) |
from the ports tree or the packages on the FTP sites. Until now, that is.<p> |
from the ports tree or the packages on the FTP sites. Until now, that is.<p> |
|
|
This is still very much a work in progress, but we found an innovative way |
As of the upcoming 2.6 release, OpenBSD contains |
around the RSA patent. We are taking a free license release of ssh and |
OpenSSH, an absolutely free and patent unencumbered version of ssh. |
OpenBSD-ifying it. We will get around the USA-based RSA patent by providing |
OpenSSH interoperates with ssh version 1 and has many added features, |
an easy way to automatically download and install a RSA-enabled package |
<ul> |
containing shared library versions of libcrypto and libssl. These packages |
<li> |
are based on OpenSSL. People living outside the USA can freely use the |
all components of a restrictive nature (ie. patents, see |
|
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssl>ssl</a>)) |
|
have been directly removed from the source code; any licensed or |
|
patented components are chosen from external libraries. |
|
</li> |
|
<li> |
|
has been updated to support ssh protocol 1.5. |
|
</li> |
|
<li> |
|
contains added support for |
|
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos>kerberos</a> |
|
authentication and ticket passing. |
|
</li> |
|
<li> |
|
supports one-time password authentication with |
|
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=skey>skey</a>. |
|
</li> |
|
</ul> |
|
<p> |
|
|
|
We took a free license release of ssh and OpenBSD-ifyed it. We |
|
get around the USA-based RSA patent by providing an easy way to |
|
automatically download and install a RSA-enabled package containing |
|
shared library versions of libcrypto and libssl. These packages are |
|
based on OpenSSL. People living outside the USA can freely use the |
RSA patented code, while people inside the USA can freely use it for |
RSA patented code, while people inside the USA can freely use it for |
non-commercial purposes. It appears as if companies inside the USA can |
non-commercial purposes. It appears as if companies inside the USA |
use the RSA libraries too, as long as RSA is not used in a profit generating |
can use the RSA libraries too, as long as RSA is not used in a profit |
role.<p> |
generating role.<p> |
|
|
But this way almost everyone will get ssh built-in.<p> |
But this way almost everyone will get ssh built-in.<p> |
|
|