Annotation of www/crypto.html, Revision 1.149
1.114 jufi 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.114 jufi 4: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.149 ! tj 5: <meta name="copyright" content="This document copyright 1997-2016 by OpenBSD.">
! 6: <title>OpenBSD: Cryptography</title>
1.148 deraadt 7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.144 sthen 9: <link rel="canonical" href="http://www.openbsd.org/crypto.html">
1.1 deraadt 10: </head>
11:
1.148 deraadt 12: <h2>
13: <a href="index.html">
14: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
15: <font color="#e00000">Cryptography</font>
1.149 ! tj 16: </h2>
1.138 jcs 17: <hr>
18:
1.114 jufi 19: <a name="why"></a>
20: <h3><font color="#e00000">Why do we ship cryptography?</font></h3><p>
1.32 deraadt 21:
22: In three words: <strong>because we can</strong>.<p>
23:
1.1 deraadt 24: The OpenBSD project is based in Canada.<p>
25:
1.114 jufi 26: The <a href="ECL.html">Export Control List of Canada</a>
1.23 deraadt 27: places no significant restriction on the export of
1.5 deraadt 28: cryptographic software, and is even more explicit about the free
29: export of freely-available cryptographic software. Marc Plumb has
30: done
1.116 nick 31: <a href="http://www.efc.ca/pages/doc/crypto-export.html">
1.31 aaron 32: some research to test the cryptographic laws</a>.
1.2 deraadt 33: <p>
1.1 deraadt 34:
1.3 deraadt 35: Hence the OpenBSD project has embedded cryptography into numerous places
36: in the operating system. We require that the cryptographic software we
1.114 jufi 37: use be <a href="policy.html">freely available and with good licenses</a>.
1.32 deraadt 38: We do not directly use cryptography with nasty patents.
1.13 deraadt 39: We also require that such software is from countries with useful export
1.16 deraadt 40: licenses because we do not wish to break the laws of any country.
41: <p>
1.7 deraadt 42:
1.87 brad 43: OpenBSD was the first operating system to ship with an IPsec stack.
1.102 brad 44: We've been including IPsec since the OpenBSD 2.1 release in 1997.
1.66 deraadt 45: <p>
46:
1.114 jufi 47: <a name="ssh"></a>
48: <h3><font color="#e00000">OpenSSH</font></h3><p>
1.39 louis 49:
1.55 deraadt 50: As of the 2.6 release, OpenBSD contains
1.50 provos 51: <a href="http://www.openssh.com/">OpenSSH</a>, an absolutely free and
1.128 david 52: patent unencumbered version of ssh.
1.55 deraadt 53: <a href="http://www.openssh.com/">OpenSSH</a> interoperated with ssh
54: version 1 and had many added features,
1.47 provos 55: <ul>
56: <li>
1.88 brad 57: all components of a restrictive nature (i.e., patents, see
1.147 sthen 58: <a href="http://man.openbsd.org/?query=ssl&sektion=8">ssl(8)</a>)
1.55 deraadt 59: had been directly removed from the source code; any licensed or
60: patented components used external libraries.
1.47 provos 61: <li>
1.55 deraadt 62: had been updated to support ssh protocol 1.5.
1.47 provos 63: <li>
1.55 deraadt 64: supported one-time password authentication with
1.147 sthen 65: <a href="http://man.openbsd.org/?query=skey&sektion=1">skey(1)</a>.
1.47 provos 66: </ul>
67: <p>
68:
1.93 deraadt 69: Roughly said, we took a free license release of ssh, OpenBSD-ifyed it.
70: About a year later, we extended OpenSSH to also do SSH 2 protocol, the
71: result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0.
1.69 deraadt 72:
73: <p>
1.114 jufi 74: <a name="people"></a>
75: <h3><font color="#e00000">International Cryptographers Wanted</font></h3><p>
1.32 deraadt 76:
77: Of course, our project needs people to work on these systems. If any
78: non-American cryptographer who meets the constraints listed earlier is
79: interested in helping out with embedded cryptography in OpenBSD,
80: please contact us.<p>
81:
1.33 deraadt 82: <p>
1.114 jufi 83: <a name="papers"></a>
84: <h3><font color="#e00000">Further Reading</font></h3><p>
1.33 deraadt 85:
86: A number of papers have been written by OpenBSD team members, about
87: cryptographic changes they have done in OpenBSD. The postscript
1.34 deraadt 88: versions of these documents are available as follows.<p>
1.33 deraadt 89:
90: <ul>
1.43 deraadt 91: <li>A Future-Adaptable Password Scheme.<br>
1.114 jufi 92: <a href="events.html#usenix99">Usenix 1999</a>,
93: by <a href="mailto:provos@openbsd.org">Niels Provos</a>,
94: <a href="mailto:dm@openbsd.org">David Mazieres</a>.<br>
95: <a href="papers/bcrypt-paper.ps">paper</a> and
96: <a href="papers/bcrypt-slides.ps">slides</a>.
1.43 deraadt 97: <p>
98: <li>Cryptography in OpenBSD: An Overview.<br>
1.114 jufi 99: <a href="events.html#usenix99">Usenix 1999</a>,
100: by <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>,
101: <a href="mailto:niklas@openbsd.org">Niklas Hallqvist</a>,
102: <a href="mailto:art@openbsd.org">Artur Grabowski</a>,
103: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
104: <a href="mailto:provos@openbsd.org">Niels Provos</a>.<br>
105: <a href="papers/crypt-paper.ps">paper</a> and
106: <a href="papers/crypt-slides.ps">slides</a>.
1.62 niklas 107: <p>
108: <li>Implementing Internet Key Exchange (IKE).<br>
1.114 jufi 109: <a href="events.html#usenix2000">Usenix 2000</a>,
110: by <a href="mailto:niklas@openbsd.org">Niklas Hallqvist</a> and
111: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>.<br>
112: <a href="papers/ikepaper.ps">paper</a> and
113: <a href="papers/ikeslides.ps">slides</a>.
114: <p>
115: <li>Encrypting Virtual Memory.<br>
116: <a href="events.html#sec2000">Usenix Security 2000</a>,
117: <a href="mailto:provos@openbsd.org">Niels Provos</a>.<br>
1.128 david 118: <a href="papers/swapencrypt.ps">paper</a> and
1.114 jufi 119: <a href="papers/swapencrypt-slides.ps">slides</a>.
1.121 jason 120: <p>
121: <li>The Design of the OpenBSD Cryptographic Framework.<br>
122: <a href="events.html#usenix2003">Usenix 2003</a>, by
123: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
124: <a href="mailto:jason@openbsd.org">Jason L. Wright</a>, and
125: <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br>
126: <a href="papers/ocf.pdf">paper</a>.
1.133 steven 127: <p>
1.132 jason 128: <li>Cryptography As an Operating System Service: A Case Study.<br>
1.133 steven 129: <a href="http://www.acm.org/tocs/">ACM Transactions on Computer Systems</a>,
1.132 jason 130: February 2006, by
131: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
132: <a href="mailto:jason@openbsd.org">Jason L. Wright</a>, and
133: <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br>
134: <a href="papers/crypt-service.pdf">paper</a>.
1.33 deraadt 135: </ul>
1.1 deraadt 136:
1.10 deraadt 137: </body>
138: </html>