-Today cryptography is an important means for enhancing the -security of an operating system. The -cryptography utilized in OpenBSD can be classified into various -aspects, described as follows. -
@@ -76,51 +70,6 @@ Roughly said, we took a free license release of ssh, OpenBSD-ifyed it. About a year later, we extended OpenSSH to also do SSH 2 protocol, the result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0. - - -
- -A Pseudo Random Number Generator (PRNG) provides applications with a stream of -numbers which have certain important properties for system security:
- -
- -A PRNG is normally just an algorithm where the same initial starting -values will yield the same sequence of outputs. On a multiuser -operating system there are many sources which allow seeding the PRNG -with random data. The OpenBSD kernel uses the mouse interrupt timing, -network data interrupt latency, inter-keypress timing and disk IO -information to fill an entropy pool. Random numbers are available for -kernel routines and are exported via devices to userland programs. - -
- -A Hash Function compresses its input data to a string of -constant size. For a Cryptographic Hash Function it is infeasible to find: - -
- -
- -Cryptographic Transforms are used to encrypt and decrypt data. These -are normally used with an encryption key for data encryption and with -a decryption key for data decryption. The security of a Cryptographic -Transform should rely only on the keying material.