Annotation of www/crypto.html, Revision 1.155
1.154 bentley 1: <!doctype html>
2: <html lang=en>
3: <meta charset=utf-8>
4:
1.149 tj 5: <title>OpenBSD: Cryptography</title>
1.148 deraadt 6: <meta name="viewport" content="width=device-width, initial-scale=1">
7: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.151 tb 8: <link rel="canonical" href="https://www.openbsd.org/crypto.html">
1.1 deraadt 9:
1.154 bentley 10: <style>
11: h3 {
12: color: var(--red);
13: }
14: </style>
1.150 tb 15:
1.154 bentley 16: <h2 id=OpenBSD>
1.148 deraadt 17: <a href="index.html">
1.154 bentley 18: <i>Open</i><b>BSD</b></a>
19: Cryptography
1.149 tj 20: </h2>
1.154 bentley 21:
1.138 jcs 22: <hr>
23:
1.154 bentley 24: <h3 id="why">Why do we ship cryptography?</h3>
1.32 deraadt 25:
1.154 bentley 26: <p>
27: In three words: <strong>because we can</strong>.
1.32 deraadt 28:
1.154 bentley 29: <p>
30: The OpenBSD project is based in Canada.
1.1 deraadt 31:
1.154 bentley 32: <p>
1.114 jufi 33: The <a href="ECL.html">Export Control List of Canada</a>
1.23 deraadt 34: places no significant restriction on the export of
1.5 deraadt 35: cryptographic software, and is even more explicit about the free
36: export of freely-available cryptographic software. Marc Plumb has
37: done
1.116 nick 38: <a href="http://www.efc.ca/pages/doc/crypto-export.html">
1.31 aaron 39: some research to test the cryptographic laws</a>.
1.154 bentley 40:
1.2 deraadt 41: <p>
1.3 deraadt 42: Hence the OpenBSD project has embedded cryptography into numerous places
43: in the operating system. We require that the cryptographic software we
1.114 jufi 44: use be <a href="policy.html">freely available and with good licenses</a>.
1.32 deraadt 45: We do not directly use cryptography with nasty patents.
1.13 deraadt 46: We also require that such software is from countries with useful export
1.16 deraadt 47: licenses because we do not wish to break the laws of any country.
1.154 bentley 48:
1.16 deraadt 49: <p>
1.87 brad 50: OpenBSD was the first operating system to ship with an IPsec stack.
1.102 brad 51: We've been including IPsec since the OpenBSD 2.1 release in 1997.
1.66 deraadt 52:
1.154 bentley 53: <h3 id="ssh">OpenSSH</h3>
1.39 louis 54:
1.154 bentley 55: <p>
1.55 deraadt 56: As of the 2.6 release, OpenBSD contains
1.152 tb 57: <a href="https://www.openssh.com/">OpenSSH</a>, an absolutely free and
1.128 david 58: patent unencumbered version of ssh.
1.152 tb 59: <a href="https://www.openssh.com/">OpenSSH</a> interoperated with ssh
1.155 ! deraadt 60: version 1 and had many added features:
1.47 provos 61: <ul>
62: <li>
1.88 brad 63: all components of a restrictive nature (i.e., patents, see
1.153 tb 64: <a href="https://man.openbsd.org/?query=ssl&sektion=8">ssl(8)</a>)
1.55 deraadt 65: had been directly removed from the source code; any licensed or
66: patented components used external libraries.
1.47 provos 67: <li>
1.55 deraadt 68: had been updated to support ssh protocol 1.5.
1.47 provos 69: <li>
1.55 deraadt 70: supported one-time password authentication with
1.153 tb 71: <a href="https://man.openbsd.org/?query=skey&sektion=1">skey(1)</a>.
1.47 provos 72: </ul>
1.154 bentley 73:
1.47 provos 74: <p>
1.93 deraadt 75: Roughly speaking, we took a free-license release of ssh and OpenBSD-ified it.
76: About a year later, we extended OpenSSH to also support the SSH 2 protocol, the
77: result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0.
1.69 deraadt 78:
1.154 bentley 79: <h3 id="people">International Cryptographers Wanted</h3>
80:
1.69 deraadt 81: <p>
1.32 deraadt 82: Of course, our project needs people to work on these systems. If any
83: non-American cryptographer who meets the constraints listed earlier is
84: interested in helping out with embedded cryptography in OpenBSD,
1.154 bentley 85: please contact us.
86:
87: <h3 id="papers">Further Reading</h3>
1.32 deraadt 88:
1.33 deraadt 89: <p>
90: OpenBSD team members have written a number of papers about the
91: cryptographic changes they have made in OpenBSD. The PostScript
1.154 bentley 92: versions of these documents are available as follows.
1.33 deraadt 93:
94: <ul>
1.43 deraadt 95: <li>A Future-Adaptable Password Scheme.<br>
1.114 jufi 96: <a href="events.html#usenix99">Usenix 1999</a>,
97: by <a href="mailto:provos@openbsd.org">Niels Provos</a>,
98: <a href="mailto:dm@openbsd.org">David Mazieres</a>.<br>
99: <a href="papers/bcrypt-paper.ps">paper</a> and
100: <a href="papers/bcrypt-slides.ps">slides</a>.
1.43 deraadt 101: <p>
102: <li>Cryptography in OpenBSD: An Overview.<br>
1.114 jufi 103: <a href="events.html#usenix99">Usenix 1999</a>,
104: by <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>,
105: <a href="mailto:niklas@openbsd.org">Niklas Hallqvist</a>,
106: <a href="mailto:art@openbsd.org">Artur Grabowski</a>,
107: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
108: <a href="mailto:provos@openbsd.org">Niels Provos</a>.<br>
109: <a href="papers/crypt-paper.ps">paper</a> and
110: <a href="papers/crypt-slides.ps">slides</a>.
1.62 niklas 111: <p>
112: <li>Implementing Internet Key Exchange (IKE).<br>
1.114 jufi 113: <a href="events.html#usenix2000">Usenix 2000</a>,
114: by <a href="mailto:niklas@openbsd.org">Niklas Hallqvist</a> and
115: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>.<br>
116: <a href="papers/ikepaper.ps">paper</a> and
117: <a href="papers/ikeslides.ps">slides</a>.
118: <p>
119: <li>Encrypting Virtual Memory.<br>
120: <a href="events.html#sec2000">Usenix Security 2000</a>,
121: by <a href="mailto:provos@openbsd.org">Niels Provos</a>.<br>
1.128 david 122: <a href="papers/swapencrypt.ps">paper</a> and
1.114 jufi 123: <a href="papers/swapencrypt-slides.ps">slides</a>.
1.121 jason 124: <p>
125: <li>The Design of the OpenBSD Cryptographic Framework.<br>
126: <a href="events.html#usenix2003">Usenix 2003</a>, by
127: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
128: <a href="mailto:jason@openbsd.org">Jason L. Wright</a>, and
129: <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br>
130: <a href="papers/ocf.pdf">paper</a>.
1.133 steven 131: <p>
1.132 jason 132: <li>Cryptography As an Operating System Service: A Case Study.<br>
1.133 steven 133: <a href="http://www.acm.org/tocs/">ACM Transactions on Computer Systems</a>,
1.132 jason 134: February 2006, by
135: <a href="mailto:angelos@openbsd.org">Angelos D. Keromytis</a>,
136: <a href="mailto:jason@openbsd.org">Jason L. Wright</a>, and
137: <a href="mailto:deraadt@openbsd.org">Theo de Raadt</a>.<br>
138: <a href="papers/crypt-service.pdf">paper</a>.
1.33 deraadt 139: </ul>