=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/crypto.html,v retrieving revision 1.113 retrieving revision 1.114 diff -u -r1.113 -r1.114 --- www/crypto.html 2002/11/15 18:09:15 1.113 +++ www/crypto.html 2002/11/21 20:17:00 1.114 @@ -1,18 +1,19 @@ - + -Cryptography in OpenBSD - + + +Cryptography in OpenBSD - -[OpenBSD] + +[OpenBSD]


@@ -22,40 +23,41 @@ measures, including cryptography, work together."

-- Bruce Schneier, author of "Applied Cryptography". -
-

Cryptography

+
+

Cryptography

+
Index
-Why do we ship cryptography?.
-OpenSSH.
-Pseudo Random Number Generators (PRNG): ARC4, ...
-Cryptographic Hash Functions: MD5, SHA1, ...
-Cryptographic Transforms: DES, Blowfish, ...
-Cryptographic Hardware support
-International Cryptographers wanted
-Further Reading
+Why do we ship cryptography?.
+OpenSSH.
+Pseudo Random Number Generators (PRNG): ARC4, ...
+Cryptographic Hash Functions: MD5, SHA1, ...
+Cryptographic Transforms: DES, Blowfish, ...
+Cryptographic Hardware support
+International Cryptographers wanted
+Further Reading


- -

Why do we ship cryptography?

+ +

Why do we ship cryptography?

In three words: because we can.

The OpenBSD project is based in Canada.

-The Export Control List of Canada +The Export Control List of Canada places no significant restriction on the export of cryptographic software, and is even more explicit about the free export of freely-available cryptographic software. Marc Plumb has done - + some research to test the cryptographic laws.

Hence the OpenBSD project has embedded cryptography into numerous places in the operating system. We require that the cryptographic software we -use be freely available and with good licenses. +use be freely available and with good licenses. We do not directly use cryptography with nasty patents. We also require that such software is from countries with useful export licenses because we do not wish to break the laws of any country. @@ -74,27 +76,27 @@ has been extended to make use of Kerberos as well.

- +VPNC TEST PARTNER OpenBSD was the first operating system to ship with an IPsec stack. We've been including IPsec since the OpenBSD 2.1 release in 1997. Our fully conformant in-kernel IPsec stack, with hardware acceleration based on a number of cards, and our own free ISAKMP daemon, is used as one of the machines in the IPsec conformance testbed run by VPNC. -
+

Today cryptography is an important means for enhancing the security of an operating system. The +href="security.html">security of an operating system. The cryptography utilized in OpenBSD can be classified into various aspects, described as follows.

- -

OpenSSH

+ +

OpenSSH

What is the first thing most people do after installing OpenBSD? They install Secure Shell -(ssh) +(ssh(1)) from the ports tree or the packages on the FTP sites. Until now, that is.

As of the 2.6 release, OpenBSD contains @@ -106,22 +108,18 @@

@@ -129,8 +127,8 @@ About a year later, we extended OpenSSH to also do SSH 2 protocol, the result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0. - -

Pseudo Random Number Generators

+ +

Pseudo Random Number Generators

A Pseudo Random Number Generator (PRNG) provides applications with a stream of numbers which have certain important properties for system security:

@@ -167,13 +165,13 @@

  • random padding in IPsec esp_old packets.
  • To generate salts for the various password algorithms.
  • For generating fake S/Key challenges. -
  • In isakmpd +
  • In isakmpd(8) to provide liveness proof of key exchanges.

    - -

    Cryptographic Hash Functions

    + +

    Cryptographic Hash Functions

    A Hash Function compresses its input data to a string of constant size. For a Cryptographic Hash Function it is infeasible to find: @@ -188,17 +186,17 @@ In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, e.g:

    @@ -206,7 +204,7 @@

    -

    Cryptographic Transforms

    +

    Cryptographic Transforms

    Cryptographic Transforms are used to encrypt and decrypt data. These are normally used with an encryption key for data encryption and with @@ -217,20 +215,20 @@ kernel and userland programs, which are used in many places like:

    - -

    Cryptographic Hardware Support

    + +

    Cryptographic Hardware Support

    OpenBSD, starting with 2.7, has begun supporting some cryptography hardware such as accelerators and random number generators.
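Review bot: the rewritten index entries in the -22,40 +23,41 hunk carry over the stray full stop after the question mark in "Why do we ship cryptography?." and the trailing period on "OpenSSH.", while the other six entries ("Pseudo Random Number Generators (PRNG): ARC4, ..." through "Further Reading") have no terminal punctuation; since every index line is being replaced in this hunk anyway, drop both periods so the list is consistent. The same hunk's "Why do we ship cryptography?" heading change and the "Marc Plumb has done ... some research" link edit leave the visible text unchanged, so there is nothing else to flag in the rendered output of that hunk.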
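Review bot: in the -74,27 +76,27 hunk, the change from "(ssh)" to "(ssh(1))" is the right direction and matches the isakmpd(8) edit further down in the same commit, but the nested parentheses read awkwardly; consider "(see ssh(1))" or dropping the outer pair. The href="security.html" edit in the same hunk changes only the link target of "security of an operating system", so the sentence text stays as it was; just confirm that security.html is the intended relative path from www/.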
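Review bot: the "isakmpd" to "isakmpd(8)" change in the -167,13 +165,13 hunk is consistent with the ssh(1) manual reference added earlier in this commit; while touching this list, note that its items are inconsistently capitalised ("random padding in IPsec esp_old packets." is lower-case, "To generate salts for the various password algorithms." and "For generating fake S/Key challenges." are capitalised), which is worth normalising in the same pass.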
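Review bot: the unchanged context line in the -188,17 +186,17 hunk reads "e.g:"; the standard form is "e.g.:", a one-character fix worth folding into this commit since the hunk already touches the surrounding markup.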