Annotation of www/crypto.html, Revision 1.140
1.114 jufi 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.114 jufi 4: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.1 deraadt 5: <meta name="resource-type" content="document">
1.10 deraadt 6: <meta name="description" content="OpenBSD cryptography">
1.48 beck 7: <meta name="keywords" content="openbsd,cryptography,openssh,openssl,kerberos">
1.112 jason 8: <meta name="keywords" content="ipsec,isakmp,ike,blowfish,des,rsa,dsa">
1.1 deraadt 9: <meta name="distribution" content="global">
1.130 deraadt 10: <meta name="copyright" content="This document copyright 1997-2006 by OpenBSD.">
1.114 jufi 11: <title>Cryptography in OpenBSD</title>
1.1 deraadt 12: </head>
13:
1.114 jufi 14: <body bgcolor="#ffffff" text="#000000" link="#23238e">
1.138 jcs 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
16: <p>
17: <h2><font color="#e00000">Cryptography</font></h2>
18: <hr>
19:
1.114 jufi 20: <a name="why"></a>
21: <h3><font color="#e00000">Why do we ship cryptography?</font></h3><p>
1.32 deraadt 22:
23: In three words: <strong>because we can</strong>.<p>
24:
1.1 deraadt 25: The OpenBSD project is based in Canada.<p>
26:
1.114 jufi 27: The <a href="ECL.html">Export Control List of Canada</a>
1.23 deraadt 28: places no significant restriction on the export of
1.5 deraadt 29: cryptographic software, and is even more explicit about the free
30: export of freely-available cryptographic software. Marc Plumb has
31: done
1.116 nick 32: <a href="http://www.efc.ca/pages/doc/crypto-export.html">
1.31 aaron 33: some research to test the cryptographic laws</a>.
1.2 deraadt 34: <p>
1.1 deraadt 35:
1.3 deraadt 36: Hence the OpenBSD project has embedded cryptography into numerous places
37: in the operating system. We require that the cryptographic software we
1.114 jufi 38: use be <a href="policy.html">freely available and with good licenses</a>.
1.32 deraadt 39: We do not directly use cryptography with nasty patents.
1.13 deraadt 40: We also require that such software is from countries with useful export
1.16 deraadt 41: licenses because we do not wish to break the laws of any country.
42: The cryptographic software components which we use currently were
43: written in Argentina, Australia, Canada, Germany, Greece, Norway, and
44: Sweden.
45: <p>
1.7 deraadt 46:
1.15 deraadt 47: When we create OpenBSD releases or snapshots we build our release
48: binaries in free countries to assure that the sources and binaries we
49: provide to users are free of tainting. In the past our release binary
50: builds have been done in Canada, Sweden, and Germany.<p>
51:
1.124 jmc 52: OpenBSD ships with Kerberos V included. The codebase we use is the
53: exportable Heimdal release from Sweden. Our X11 source has been
54: extended to make use of Kerberos as well.<p>
1.16 deraadt 55:
1.67 deraadt 56:
1.87 brad 57: OpenBSD was the first operating system to ship with an IPsec stack.
1.102 brad 58: We've been including IPsec since the OpenBSD 2.1 release in 1997.
1.66 deraadt 59: <p>
60:
1.140 ! deraadt 61: Today cryptography is an important means for enhancing the
! 62: <a href="security.html">security</a> of an operating system. The
1.42 deraadt 63: cryptography utilized in OpenBSD can be classified into various
1.140 ! deraadt 64: aspects, described as follows.
! 65: <p>
1.10 deraadt 66:
1.114 jufi 67: <a name="ssh"></a>
68: <h3><font color="#e00000">OpenSSH</font></h3><p>
1.39 louis 69:
1.55 deraadt 70: As of the 2.6 release, OpenBSD contains
1.50 provos 71: <a href="http://www.openssh.com/">OpenSSH</a>, an absolutely free and
1.128 david 72: patent unencumbered version of ssh.
1.55 deraadt 73: <a href="http://www.openssh.com/">OpenSSH</a> interoperated with ssh
74: version 1 and had many added features,
1.47 provos 75: <ul>
76: <li>
1.88 brad 77: all components of a restrictive nature (i.e., patents, see
1.114 jufi 78: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a>)
1.55 deraadt 79: had been directly removed from the source code; any licensed or
80: patented components used external libraries.
1.47 provos 81: <li>
1.55 deraadt 82: had been updated to support ssh protocol 1.5.
1.47 provos 83: <li>
1.124 jmc 84: contained added support for Kerberos authentication and ticket passing.
1.47 provos 85: <li>
1.55 deraadt 86: supported one-time password authentication with
1.114 jufi 87: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a>.
1.47 provos 88: </ul>
89: <p>
90:
1.93 deraadt 91: Roughly said, we took a free license release of ssh, OpenBSD-ifyed it.
92: About a year later, we extended OpenSSH to also do SSH 2 protocol, the
93: result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0.
1.39 louis 94:
1.114 jufi 95: <a name="prng"></a>
96: <h3><font color="#e00000">Pseudo Random Number Generators</font></h3><p>
1.32 deraadt 97:
1.128 david 98: A Pseudo Random Number Generator (PRNG) provides applications with a stream of
1.10 deraadt 99: numbers which have certain important properties for system security:<p>
100:
101: <ul>
1.11 deraadt 102: <li>It should be impossible for an outsider to predict the output of the
103: random number generator even with knowledge of previous output.
104: <li>The generated numbers should not have repeating patterns which means
105: the PRNG should have a very long cycle length.
1.10 deraadt 106: </ul>
1.32 deraadt 107: <p>
1.10 deraadt 108:
1.13 deraadt 109: A PRNG is normally just an algorithm where the same initial starting
110: values will yield the same sequence of outputs. On a multiuser
111: operating system there are many sources which allow seeding the PRNG
112: with random data. The OpenBSD kernel uses the mouse interrupt timing,
113: network data interrupt latency, inter-keypress timing and disk IO
114: information to fill an entropy pool. Random numbers are available for
115: kernel routines and are exported via devices to userland programs.
1.36 deraadt 116: So far random numbers are used in the following places:<p>
1.13 deraadt 117:
1.10 deraadt 118: <ul>
1.14 deraadt 119: <li>Dynamic sin_port allocation in bind(2).
120: <li>PIDs of processes.
1.26 aaron 121: <li>IP datagram IDs.
1.14 deraadt 122: <li>RPC transaction IDs (XID).
123: <li>NFS RPC transaction IDs (XID).
124: <li>DNS Query-IDs.
125: <li>Inode generation numbers, see getfh(2) and fsirand(8).
1.31 aaron 126: <li>Timing perturbance in traceroute(8).
1.14 deraadt 127: <li>Stronger temporary names for mktemp(3) and mkstemp(3)
128: <li>Randomness added to the TCP ISS value for protection against
129: spoofing attacks.
1.87 brad 130: <li>random padding in IPsec esp_old packets.
1.14 deraadt 131: <li>To generate salts for the various password algorithms.
132: <li>For generating fake S/Key challenges.
1.114 jufi 133: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>
1.28 angelos 134: to provide liveness proof of key exchanges.
1.10 deraadt 135: </ul>
1.1 deraadt 136:
1.10 deraadt 137: <p>
1.114 jufi 138: <a name="hash"></a>
139: <h3><font color="#e00000">Cryptographic Hash Functions</font></h3><p>
1.32 deraadt 140:
1.10 deraadt 141: A Hash Function compresses its input data to a string of
1.36 deraadt 142: constant size. For a Cryptographic Hash Function it is infeasible to find:
143:
1.1 deraadt 144: <ul>
1.11 deraadt 145: <li>two inputs which have the same output (collision resistant),
146: <li>a different input for a given input with the same output
147: (2nd preimage resistant).
1.1 deraadt 148: </ul>
1.32 deraadt 149: <p>
1.10 deraadt 150:
1.12 millert 151: In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions,
1.36 deraadt 152: e.g:<p>
1.128 david 153: <ul>
1.114 jufi 154: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">S/Key(1)</a>
1.27 deraadt 155: to provide one time passwords.
1.114 jufi 156: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">IPsec(4)</a>
1.27 deraadt 157: and
1.114 jufi 158: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>
1.27 deraadt 159: to authenticate the data origin of packets and to ensure packet integrity.
160: <li>For FreeBSD-style MD5 passwords (not enabled by default), see
1.136 sthen 161: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">
162: login.conf(5)</a>
1.24 niklas 163: <li>In libssl for digital signing of messages.
1.10 deraadt 164: </ul>
1.32 deraadt 165: <p>
1.10 deraadt 166:
1.6 deraadt 167: <p>
1.71 jufi 168: <a name="trans"></a>
1.114 jufi 169: <h3><font color="#e00000">Cryptographic Transforms</font></h3><p>
1.32 deraadt 170:
1.11 deraadt 171: Cryptographic Transforms are used to encrypt and decrypt data. These
172: are normally used with an encryption key for data encryption and with
173: a decryption key for data decryption. The security of a Cryptographic
174: Transform should rely only on the keying material.<p>
1.6 deraadt 175:
1.24 niklas 176: OpenBSD provides transforms like DES, 3DES, Blowfish and Cast for the
1.36 deraadt 177: kernel and userland programs, which are used in many places like:<p>
1.10 deraadt 178: <ul>
1.27 deraadt 179: <li>In libc for creating
1.114 jufi 180: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=blf_key&sektion=3">Blowfish</a>
1.71 jufi 181: passwords. See also the <a href="papers/bcrypt-paper.ps">USENIX paper</a>
1.33 deraadt 182: on this topic.
1.27 deraadt 183: <li>In
1.114 jufi 184: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">IPsec(4)</a>
1.27 deraadt 185: to provide confidentiality for the network layer.
1.114 jufi 186: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>
1.87 brad 187: to protect the exchanges where IPsec key material is negotiated.
1.24 niklas 188: <li>In libssl to let applications communicate over the de-facto standard
189: cryptographically secure SSL protocol.
1.10 deraadt 190: </ul>
1.1 deraadt 191:
1.10 deraadt 192: <p>
1.114 jufi 193: <a name="hardware"></a>
194: <h3><font color="#e00000">Cryptographic Hardware Support</font></h3><p>
1.51 deraadt 195:
1.58 louis 196: OpenBSD, starting with 2.7, has begun supporting some cryptography hardware
197: such as accelerators and random number generators.
1.51 deraadt 198: <ul>
1.114 jufi 199: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">
1.92 jason 200: IPsec crypto dequeue</a></b><br>
1.87 brad 201: Our IPsec stack has been modified so that cryptographic functions get
202: done out-of-line. Most simple software IPsec stacks need to do
1.82 pvalchev 203: cryptography when processing each packet. This results in synchronous
1.73 aaron 204: performance. To use hardware properly and speedily one needs to separate
1.51 deraadt 205: these two components, as we have done. Actually, doing this gains some
206: performance even for the software case.
207: <p>
1.114 jufi 208: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">
1.88 brad 209: Hifn 7751</a></b><br>
210: Cards using the Hifn 7751 can be used as a symmetric cryptographic
1.101 deraadt 211: accelerator, i.e., the
212: <a href="http://www.soekris.com/vpn1201.htm">Soekris VPN1201 or VPN1211</a>
213: (<a href="http://www.soekris.com/how_to_buy.htm">to buy</a>)
214: or
215: <a href="http://www.powercrypt.com">PowerCrypt</a>.
1.51 deraadt 216: Current performance using a single Hifn 7751 on each end of a tunnel
1.88 brad 217: is 64Mbit/sec for 3DES/SHA1 ESP, nearly a 600% improvement over
218: using a P3/550 CPU. Further improvements are under way to resolve a
1.51 deraadt 219: few more issues, but as of April 13, 2000 the code is considered
1.53 deraadt 220: stable. We wrote our own driver for supporting this chip, rather
221: than using the (USA-written)
1.88 brad 222: <a href="http://www.powercrypt.com">PowerCrypt</a> driver, as well
1.87 brad 223: our driver links in properly to the IPsec stack.
1.53 deraadt 224: The 7751 is now considered slow by industry standards and many vendors
1.88 brad 225: have faster chips (even Hifn now has a faster but more expensive
1.89 jufi 226: chip). Peak performance with 3DES SHA1 ESP is around 64Mbit/sec.
1.60 deraadt 227: <p>
1.97 jason 228: After 2.9 shipped, support was added for the Hifn 7951 chip, a
229: simplified version of the 7751 which adds a public key accelerator
230: (unsupported) and a random number generator (supported). Cards
231: were donated by <a href="http://www.soekris.com/">Soekris Engineering</a>.
232: <p>
233: After 3.0 shipped, support was added for the Hifn 7811 chip, a
234: faster version of the 7751 (around 130Mbit/s) with a random number
235: generator. A card was donated by <a href="http://www.gtgi.com/">GTGI</a>.
236: <p>
1.118 jason 237: After 3.2 shipped, support was added for the LZS compression algorithm
238: used by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
239: <p>
1.123 jason 240: After 3.4 shipped, support was added for the 7955 and 7956 chips.
241: In addition to all the features of the previous 7951 chip, these add AES.
242: <p>
1.118 jason 243: Hifn was initially a difficult company to deal with (threatening to sue
1.119 deraadt 244: us over our non-USA reverse engineering of their crypto unlock algorithm),
245: but more recently they have been very helpful in providing boards and
246: support.
1.53 deraadt 247: <p>
1.69 deraadt 248:
1.114 jufi 249: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lofn&sektion=4">
1.92 jason 250: Hifn 6500</a></b><br>
1.86 brad 251: This device is an asymmetric crypto unit. It has support for RSA, DSA,
1.69 deraadt 252: and DH algorithms, as well as other major big number functions. It also
253: contains a very high performance random number generator. We have one
1.107 deraadt 254: device, full documentation, and sample code. As of OpenBSD 3.1,
1.105 jason 255: both the random number generator and big number unit are working.
256: <p>
257:
1.114 jufi 258: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nofn&sektion=4">
1.105 jason 259: Hifn 7814/7851/7854</a></b><br>
260: This device is a packet processor and asymmetric crypto unit. It has
261: support for RSA, DSA, and DH algorithms, as well as other major big number
262: functions and also has a random number generator. Currently, only the
263: big number engine and the random number generator are supported (no
264: packet transforms).
1.69 deraadt 265: <p>
266:
1.114 jufi 267: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">
1.134 reyk 268: Broadcom BCM5801/BCM5802/BCM5805/BCM5820/BCM5821/BCM5822/5823/5825/5860/5861/5862
1.105 jason 269: (or beta chip Bluesteelnet 5501/5601)</a></b><br>
1.65 deraadt 270: Just after the OpenBSD 2.7 release, we succeeded at adding preliminary
271: support for these early release parts provided to us by the vendor,
1.76 deraadt 272: specifically starting with the test chip 5501.
1.69 deraadt 273: These devices provide the highest performance symmetric cryptography
274: we have seen.
275: <p>
1.59 deraadt 276: Bluesteelnet was bought by Broadcom and started making real parts.
1.84 pvalchev 277: Their new BCM5805 is similar, except that they also add an asymmetric
1.65 deraadt 278: engine for running DSA, RSA, and other such algorithms. With approximate
1.88 brad 279: performance starting at more than four times as fast as the Hifn,
1.65 deraadt 280: hopefully this chip will become more common soon.
1.60 deraadt 281: <p>
282: The Broadcom/Bluesteelnet people have been great to deal with. They gave
1.69 deraadt 283: us complete documentation and sample code for their chips and a
284: sufficient number of cards to test with.
1.60 deraadt 285: <p>
1.74 deraadt 286: Post 2.8, this driver was also modified to generate random numbers on
287: the BCM5805 and similar versions, and feed that data into the kernel
288: entropy pool.
289: <p>
1.96 jason 290: Post 2.9, support was added for the BCM5820, which is mostly just a
291: faster (64bit, higher clock speed) version of the BCM5805. Untested
292: support for the BCM5821 was also added post 3.0.
1.100 jason 293: <p>
1.111 jufi 294: As of 3.1, the big num engine is supported, and RSA/DH/DSA operations
1.107 deraadt 295: can be accelerated.
296: <p>
1.108 jason 297: Support for the BCM5801, BCM5802, BCM5821 and BCM5822 was added before
1.109 jason 298: OpenBSD 3.2 (the untested BCM5821 support in 3.1 was broken because of
299: some undocumented interrupt handling requirements).
1.108 jason 300: <p>
1.134 reyk 301: Partial support for BCM5823 was added for 3.4.
302: <p>
303: Support for the BCM5825, BCM5860, BCM5861, and BCM5862 including support
1.135 jsg 304: for AES with the BCM5823 or newer was added after 4.5.
1.122 jason 305: <p>
1.60 deraadt 306:
1.114 jufi 307: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ises&sektion=4">
1.88 brad 308: Securealink PCC-ISES</a></b><br>
1.115 jufi 309: The <a href="http://www.safenet-inc.com/technology/chips/safexcel_ises.asp">
1.128 david 310: PCC-ISES</a> is a new chipset from the Netherlands. We have received
311: sample hardware and documentation, and work on a driver is in progress.
312: At the moment, the driver is capable of feeding random numbers into
1.115 jufi 313: the kernel entropy pool.
1.60 deraadt 314: <p>
1.130 deraadt 315:
316: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=safe&sektion=4">
1.131 deraadt 317: SafeNet SafeXcel 1141/1741</a></b><br>
1.130 deraadt 318: After 3.4 shipped, support was for added for these two chips (found on various
319: <a href="http://www.safenet-inc.com/products/accCards/">SafeNet</a>
320: crypto cards. Supports DES, Triple-DES, AES, MD5, and SHA-1 symmetric crypto
321: operations, RNG, public key operations, and full IPsec packet processing.
322: <p>
323:
324: <li><b>SafeNet SafeXcel 1840</b><br>
325: We have received documentation and sample hardware for the
326: <a href="http://www.safenet-inc.com/products/chips/safeXcel1840.asp">SafeNet 1840</a>
327: crypto chip. Work to support at least the RNG and symmetric cryptography of
328: these devices has started.
329: <p>
330:
1.88 brad 331: <li><b>SafeNet SafeXcel 2141</b><br>
1.60 deraadt 332: We have received documentation and sample hardware for the
1.130 deraadt 333: <a href="http://www.safenet-inc.com/products/chips/safeXcel2141.asp">SafeNet 2141</a>
334: crypto chip. Work to support at least the symmetric cryptography of
1.72 deraadt 335: these devices has started.
1.57 deraadt 336: <p>
1.130 deraadt 337:
1.114 jufi 338: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=txp&sektion=4">
1.110 jason 339: 3com 3cr990</a></b><br>
1.77 deraadt 340: 3com gave us a driver to support the ethernet component of this chipset,
1.79 ericj 341: and based on that, we have written our own ethernet driver. This driver
342: has now been integrated once we were able to get a free license on the
1.110 jason 343: microcode. Due to poor documentation and lack of cooperation (partly
344: because of the high turnover rates at 3Com), the IPsec functions of the
345: chip are not supported.... so this turned out to be a less than completely
346: useful exercise.
1.69 deraadt 347: <p>
348:
1.87 brad 349: <li><b>Intel IPsec card</b><br>
1.77 deraadt 350: Much like Intel does for all their networking division components, and
1.93 deraadt 351: completely unlike most other vendors, Intel steadfastly refuses to provide
1.77 deraadt 352: us with documentation. We have talked to about five technical people who
353: are involved in the development of those products. They all want us to
354: have documentation. They commend us on what we have done. But their hands
355: are tied by management who does not perceive a benefit to themselves for
356: providing documentation. Forget about Intel. (If you want to buy gigabit
357: ethernet hardware, we recommend anything else... for the same reason:
358: most drivers we have for Intel networking hardware were written without
359: documentation).
1.52 deraadt 360: <p>
1.69 deraadt 361:
1.114 jufi 362: <li><b><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">
1.80 deraadt 363: Intel 82802AB/82802AC Firmware Hub RNG</a></b><br>
1.74 deraadt 364: The 82802 FWH chip (found on i810, i820, i840, i850, and i860 motherboards)
1.87 brad 365: contains a random number generator (RNG). High-performance IPsec
1.74 deraadt 366: requires more random number entropy. As of April 10, 2000, we support
1.90 jsyn 367: the RNG. We will add support for other RNGs found on crypto chips.
1.69 deraadt 368: <p>
369:
1.120 deraadt 370: <li><b>VIA C3 RNG</b><br>
1.129 david 371: The newer VIA C3 CPU contains a random number generator as an instruction.
1.120 deraadt 372: As of <a href="33.html">3.3</a> this random number generator is used
373: inside the kernel to feed the entropy pool.
374: <p>
375:
1.127 deraadt 376: <li><b>VIA C3 AES instructions</b><br>
1.129 david 377: VIA C3 CPUs with a step 8 or later Nehemiah core contains an AES
1.127 deraadt 378: implementation accessible via simple instructions. As of <a
379: href="34.html">3.4</a> the kernel supports them to be used in an
380: IPsec context and exported by <tt>/dev/crypto</tt>. As of <a
381: href="35.html">3.5</a> performances have been greatly improved
382: and OpenSSL now uses the new instruction directly when available
383: without the need to enter the kernel, resulting in vastly
384: improved speed (AES-128 measured at 780MByte/sec) for applications
385: using OpenSSL to perform AES encryption.
386: <p>
387:
1.52 deraadt 388: <li><b>OpenSSL</b><br>
1.107 deraadt 389: Years ago, we had a grand scheme to support crypto cards that can do
390: RSA/DH/DSA automatically via OpenSSL calls. As of OpenBSD 3.2, that
391: support works, and any card that is supported with such functionality
392: will automatically use the hardware, including OpenSSH and httpd in
393: SSL mode. No application changes are required.
1.51 deraadt 394: </ul>
395:
396: <p>
1.69 deraadt 397: <b>If people wish to help with writing drivers,
1.114 jufi 398: <a href="#people">come and help us</a>.</b>
1.69 deraadt 399:
400: <p>
1.114 jufi 401: <a name="people"></a>
402: <h3><font color="#e00000">International Cryptographers Wanted</font></h3><p>
1.32 deraadt 403:
404: Of course, our project needs people to work on these systems. If any
405: non-American cryptographer who meets the constraints listed earlier is
406: interested in helping out with embedded cryptography in OpenBSD,
407: please contact us.<p>
408:
1.33 deraadt 409: <p>
1.114 jufi 410: <a name="papers"></a>
411: <h3><font color="#e00000">Further Reading</font></h3><p>
1.33 deraadt 412:
413: A number of papers have been written by OpenBSD team members, about
414: cryptographic changes they have done in OpenBSD. The postscript
1.34 deraadt 415: versions of these documents are available as follows.<p>
1.33 deraadt 416:
417: <ul>
1.43 deraadt 418: <li>A Future-Adaptable Password Scheme.<br>
1.114 jufi 419: <a href="events.html#usenix99">Usenix 1999</a>,
420: by <a href="mailto:provos@openbsd.org">Niels Provos</a>,
421: <a href="mailto:dm@openbsd.org">David Mazieres</a>.<br>
422: <a href="papers/bcrypt-paper.ps">paper</a> and
423: <a href="papers/bcrypt-slides.ps">slides</a>.
1.43 deraadt 424: <p>
425: <li>Cryptography in OpenBSD: An Overview.<br>
1.114 jufi 426: <a href="events.html#usenix99">Usenix 1999</a>,
427: by <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>,
428: <a href="mailto:niklas@openbsd.org">Niklas Hallqvist</a>,
429: <a href="mailto:art@openbsd.org">Artur Grabowski</a>,
430: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
431: <a href="mailto:provos@openbsd.org">Niels Provos</a>.<br>
432: <a href="papers/crypt-paper.ps">paper</a> and
433: <a href="papers/crypt-slides.ps">slides</a>.
1.62 niklas 434: <p>
435: <li>Implementing Internet Key Exchange (IKE).<br>
1.114 jufi 436: <a href="events.html#usenix2000">Usenix 2000</a>,
437: by <a href="mailto:niklas@openbsd.org">Niklas Hallqvist</a> and
438: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>.<br>
439: <a href="papers/ikepaper.ps">paper</a> and
440: <a href="papers/ikeslides.ps">slides</a>.
441: <p>
442: <li>Encrypting Virtual Memory.<br>
443: <a href="events.html#sec2000">Usenix Security 2000</a>,
444: <a href="mailto:provos@openbsd.org">Niels Provos</a>.<br>
1.128 david 445: <a href="papers/swapencrypt.ps">paper</a> and
1.114 jufi 446: <a href="papers/swapencrypt-slides.ps">slides</a>.
1.121 jason 447: <p>
448: <li>The Design of the OpenBSD Cryptographic Framework.<br>
449: <a href="events.html#usenix2003">Usenix 2003</a>, by
450: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
451: <a href="mailto:jason@openbsd.org">Jason L. Wright</a>, and
452: <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br>
453: <a href="papers/ocf.pdf">paper</a>.
1.133 steven 454: <p>
1.132 jason 455: <li>Cryptography As an Operating System Service: A Case Study.<br>
1.133 steven 456: <a href="http://www.acm.org/tocs/">ACM Transactions on Computer Systems</a>,
1.132 jason 457: February 2006, by
458: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
459: <a href="mailto:jason@openbsd.org">Jason L. Wright</a>, and
460: <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br>
461: <a href="papers/crypt-service.pdf">paper</a>.
1.33 deraadt 462: </ul>
1.1 deraadt 463:
1.10 deraadt 464: </body>
465: </html>