Annotation of www/crypto.html, Revision 1.39
1.10 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict Level 2//EN//2.0">
1.1 deraadt 2: <html>
3: <head>
1.10 deraadt 4: <title>Cryptography in OpenBSD</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
1.10 deraadt 7: <meta name="description" content="OpenBSD cryptography">
8: <meta name="keywords" content="openbsd,cryptography">
1.1 deraadt 9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
1.22 deraadt 14: <img alt="[OpenBSD]" height=200 width=200 SRC="images/blowfish.jpg">
1.37 deraadt 15: <p>
16: <h2><font color=#e00000>Cryptography</font><hr></h2>
1.32 deraadt 17:
18: <strong>Index</strong><br>
1.39 ! louis 19: <a href=#ssh>SSH soon built into OpenBSD base code</a>.<br>
1.32 deraadt 20: <a href=#why>Why do we ship cryptography?</a>.<br>
21: <a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br>
22: <a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ...<br>
23: <a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ...<br>
24:
25: <a href=#people>International Cryptographers wanted</a><br>
1.33 deraadt 26: <a href=#papers>Further Reading</a><br>
1.1 deraadt 27: <p>
1.32 deraadt 28: <hr>
29:
30: <dl>
31: <a name=why></a>
1.37 deraadt 32: <li><h3><font color=#e00000>Why do we ship cryptography?</font></h3><p>
1.32 deraadt 33:
34: In three words: <strong>because we can</strong>.<p>
35:
1.1 deraadt 36: The OpenBSD project is based in Canada.<p>
37:
1.23 deraadt 38: The <a href=ECL.html>Export Control List of Canada</a>
39: places no significant restriction on the export of
1.5 deraadt 40: cryptographic software, and is even more explicit about the free
41: export of freely-available cryptographic software. Marc Plumb has
42: done
1.2 deraadt 43: <a href=http://insight.mcmaster.ca/org/efc/pages/doc/crypto-export.html>
1.31 aaron 44: some research to test the cryptographic laws</a>.
1.2 deraadt 45: <p>
1.1 deraadt 46:
1.3 deraadt 47: Hence the OpenBSD project has embedded cryptography into numerous places
48: in the operating system. We require that the cryptographic software we
49: use be <a href=policy.html>freely available and with good licenses</a>.
1.32 deraadt 50: We do not directly use cryptography with nasty patents.
1.13 deraadt 51: We also require that such software is from countries with useful export
1.16 deraadt 52: licenses because we do not wish to break the laws of any country.
53: The cryptographic software components which we use currently were
54: written in Argentina, Australia, Canada, Germany, Greece, Norway, and
55: Sweden.
56: <p>
1.7 deraadt 57:
1.15 deraadt 58: When we create OpenBSD releases or snapshots we build our release
59: binaries in free countries to assure that the sources and binaries we
60: provide to users are free of tainting. In the past our release binary
61: builds have been done in Canada, Sweden, and Germany.<p>
62:
1.16 deraadt 63: OpenBSD ships with Kerberos IV included. The codebase we use is the
1.17 deraadt 64: exportable KTH-based release from Sweden. Our X11 source has been
65: extended to make use of Kerberos IV as well. Kerberos V support will
1.16 deraadt 66: perhaps appear in 1999, but at present time a freely exportable
67: Kerberos V release does not exist.<p>
68:
1.15 deraadt 69: Today cryptography is an important means for enhancing the <a
70: href=security.html>security</a> of an operating system. The
71: cryptography utilized in OpenBSD can be classified into three
1.33 deraadt 72: different aspects, which will be described later.<p>
1.10 deraadt 73:
1.39 ! louis 74: <dl>
! 75: <a name=ssh></a>
! 76: <li><h3><font color=#e00000>SSH soon built into OpenBSD base code</font></h3><p>
! 77:
! 78: What do most people do right after they install OpenBSD?<p>
! 79: They install Secure Shell (SSH) from the ports tree or the packages on
! 80: the CD-ROM. Until now, that is.<p>
! 81:
! 82: This is still very much a work in progress, but we found an innovative way
! 83: around the RSA patent. We are taking a free license release of SSH and
! 84: OpenBSD-ifying it.<p>
! 85:
! 86: We get around the US-based RSA patent by letting end users
! 87: selectively download the correct libssl file for their location (US resident
! 88: or not).<p>
! 89:
1.10 deraadt 90: <p>
1.18 deraadt 91: <a name=prng></a>
1.37 deraadt 92: <li><h3><font color=#e00000>Pseudo Random Number Generators</font></h3><p>
1.32 deraadt 93:
1.10 deraadt 94: A Pseudo Random Number Generator (PRNG) provides applications with a stream of
95: numbers which have certain important properties for system security:<p>
96:
97: <ul>
1.11 deraadt 98: <li>It should be impossible for an outsider to predict the output of the
99: random number generator even with knowledge of previous output.
100: <li>The generated numbers should not have repeating patterns which means
101: the PRNG should have a very long cycle length.
1.10 deraadt 102: </ul>
1.32 deraadt 103: <p>
1.10 deraadt 104:
1.13 deraadt 105: A PRNG is normally just an algorithm where the same initial starting
106: values will yield the same sequence of outputs. On a multiuser
107: operating system there are many sources which allow seeding the PRNG
108: with random data. The OpenBSD kernel uses the mouse interrupt timing,
109: network data interrupt latency, inter-keypress timing and disk IO
110: information to fill an entropy pool. Random numbers are available for
111: kernel routines and are exported via devices to userland programs.
1.36 deraadt 112: So far random numbers are used in the following places:<p>
1.13 deraadt 113:
1.10 deraadt 114: <ul>
1.14 deraadt 115: <li>Dynamic sin_port allocation in bind(2).
116: <li>PIDs of processes.
1.26 aaron 117: <li>IP datagram IDs.
1.14 deraadt 118: <li>RPC transaction IDs (XID).
119: <li>NFS RPC transaction IDs (XID).
120: <li>DNS Query-IDs.
121: <li>Inode generation numbers, see getfh(2) and fsirand(8).
1.31 aaron 122: <li>Timing perturbance in traceroute(8).
1.14 deraadt 123: <li>Stronger temporary names for mktemp(3) and mkstemp(3)
124: <li>Randomness added to the TCP ISS value for protection against
125: spoofing attacks.
1.29 deraadt 126: <li>random padding in IPSEC esp_old packets.
1.14 deraadt 127: <li>To generate salts for the various password algorithms.
128: <li>For generating fake S/Key challenges.
1.28 angelos 129: <li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>photurisd</a>
130: and <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd>isakmpd</a>
131: to provide liveness proof of key exchanges.
1.10 deraadt 132: </ul>
1.1 deraadt 133:
1.10 deraadt 134: <p>
1.18 deraadt 135: <a name=hash></a>
1.37 deraadt 136: <li><h3><font color=#e00000>Cryptographic Hash Functions</font></h3><p>
1.32 deraadt 137:
1.10 deraadt 138: A Hash Function compresses its input data to a string of
1.36 deraadt 139: constant size. For a Cryptographic Hash Function it is infeasible to find:
140:
1.1 deraadt 141: <ul>
1.11 deraadt 142: <li>two inputs which have the same output (collision resistant),
143: <li>a different input for a given input with the same output
144: (2nd preimage resistant).
1.1 deraadt 145: </ul>
1.32 deraadt 146: <p>
1.10 deraadt 147:
1.12 millert 148: In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions,
1.36 deraadt 149: e.g:<p>
1.10 deraadt 150: <ul>
1.27 deraadt 151: <li>In <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=skey>S/Key</a>
152: to provide one time passwords.
153: <li>In <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec>IPsec</a>,
154: <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>photurisd</a>
155: and
156: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd>isakmpd(8)</a>
157: to authenticate the data origin of packets and to ensure packet integrity.
158: <li>For FreeBSD-style MD5 passwords (not enabled by default), see
159: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=passwd.conf&sektion=5>
160: passwd.conf(5)</a>
161: <li>For TCP SYN cookie support (not enabled by default), see
162: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4>
163: options(4)</a>
1.24 niklas 164: <li>In libssl for digital signing of messages.
1.10 deraadt 165: </ul>
1.32 deraadt 166: <p>
1.10 deraadt 167:
1.6 deraadt 168: <p>
1.18 deraadt 169: <a name=trans></a>
1.37 deraadt 170: <li><h3><font color=#e00000>Cryptographic Transforms</font></h3><p>
1.32 deraadt 171:
1.11 deraadt 172: Cryptographic Transforms are used to encrypt and decrypt data. These
173: are normally used with an encryption key for data encryption and with
174: a decryption key for data decryption. The security of a Cryptographic
175: Transform should rely only on the keying material.<p>
1.6 deraadt 176:
1.24 niklas 177: OpenBSD provides transforms like DES, 3DES, Blowfish and Cast for the
1.36 deraadt 178: kernel and userland programs, which are used in many places like:<p>
1.10 deraadt 179: <ul>
1.27 deraadt 180: <li>In libc for creating
181: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=blf_key>Blowfish</a>
1.33 deraadt 182: passwords. See also the <a href=papers/bcrypt-paper.ps>USENIX paper</a>
183: on this topic.
1.27 deraadt 184: <li>In
185: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec>IPsec</a>
186: to provide confidentiality for the network layer.
187: <li>In Kerberos and a handful of kerberized applications, like
188: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=telnet>telnet</a>,
189: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvs>cvs</a>,
190: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=rsh>rsh</a>,
191: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=rcp>rcp</a>,
192: and
193: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=rlogin>rlogin</a>.
1.24 niklas 194: <li>In <a href=http://wserver.physnet.uni-hamburg.de/provos/photuris/>
1.27 deraadt 195: photurisd</a> and
196: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd>isakmpd</a>
197: to protect the exchanges where IPsec key material is negotiated.
1.24 niklas 198: <li>In AFS to protect the messages passing over the network, providing
1.27 deraadt 199: confidentiality of remote filesystem access.
1.24 niklas 200: <li>In libssl to let applications communicate over the de-facto standard
201: cryptographically secure SSL protocol.
1.10 deraadt 202: </ul>
1.1 deraadt 203:
1.10 deraadt 204: <p>
1.32 deraadt 205: <a name=people></a>
1.37 deraadt 206: <li><h3><font color=#e00000>International Cryptographers Wanted</font></h3><p>
1.32 deraadt 207:
208: Of course, our project needs people to work on these systems. If any
209: non-American cryptographer who meets the constraints listed earlier is
210: interested in helping out with embedded cryptography in OpenBSD,
211: please contact us.<p>
212:
1.33 deraadt 213: <p>
214: <a name=papers></a>
1.37 deraadt 215: <li><h3><font color=#e00000>Further Reading</font></h3><p>
1.33 deraadt 216:
217: A number of papers have been written by OpenBSD team members, about
218: cryptographic changes they have done in OpenBSD. The postscript
1.34 deraadt 219: versions of these documents are available as follows.<p>
1.33 deraadt 220:
221: <ul>
222: <li>A Future-Adaptable Password Scheme
223: Niels Provos, David Mazieres.<br>
224: <a href=papers/bcrypt-paper.ps>paper</a> and
225: <a href=papers/bcrypt-slides.ps>slides</a>.
226: <li>Cryptography in OpenBSD: An Overview<br>
227: Theo de Raadt, Niklas Hallqvist, Artur Grabowski,
228: Angelos D. Keromytis, Niels Provos.<br>
229: <a href=papers/crypt-paper.ps>paper</a> and
230: <a href=papers/crypt-slides.ps>slides</a>.
231: </ul>
232:
1.32 deraadt 233: </dl>
234:
235: <p>
1.1 deraadt 236: <hr>
1.19 pauls 237: <a href=/index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.10 deraadt 238: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
239: <br>
1.39 ! louis 240: <small>$OpenBSD: crypto.html,v 1.38 1999/09/23 20:21:23 aaron Exp $</small>
1.1 deraadt 241:
1.10 deraadt 242: </body>
243: </html>