Annotation of www/crypto.html, Revision 1.47
1.10 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict Level 2//EN//2.0">
1.1 deraadt 2: <html>
3: <head>
1.10 deraadt 4: <title>Cryptography in OpenBSD</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
1.10 deraadt 7: <meta name="description" content="OpenBSD cryptography">
8: <meta name="keywords" content="openbsd,cryptography">
1.1 deraadt 9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1997 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
1.45 deraadt 14: <img align=left alt="[OpenBSD]" height=166 width=197 SRC="images/blowfish-notext.jpg">
15: <br>
16: <br>
17: <br>
18: "The mantra of any good security engineer is: "Security is a not a
19: product, but a process." It's more than designing strong cryptography
20: into a system; it's designing the entire system such that all security
21: measures, including cryptography, work together."<br>
22: <br>
23: -- Bruce Schneier, author of "Applied Cryptography".
24: <br clear=all>
1.37 deraadt 25: <h2><font color=#e00000>Cryptography</font><hr></h2>
1.32 deraadt 26:
27: <strong>Index</strong><br>
1.41 louis 28: <a href=#why>Why do we ship cryptography?</a>.<br>
1.47 ! provos 29: <a href=#ssh>OpenSSH</a>.<br>
1.32 deraadt 30: <a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br>
31: <a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ...<br>
32: <a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ...<br>
33:
34: <a href=#people>International Cryptographers wanted</a><br>
1.33 deraadt 35: <a href=#papers>Further Reading</a><br>
1.1 deraadt 36: <p>
1.32 deraadt 37: <hr>
38:
39: <a name=why></a>
1.42 deraadt 40: <h3><font color=#e00000>Why do we ship cryptography?</font></h3><p>
1.32 deraadt 41:
42: In three words: <strong>because we can</strong>.<p>
43:
1.1 deraadt 44: The OpenBSD project is based in Canada.<p>
45:
1.23 deraadt 46: The <a href=ECL.html>Export Control List of Canada</a>
47: places no significant restriction on the export of
1.5 deraadt 48: cryptographic software, and is even more explicit about the free
49: export of freely-available cryptographic software. Marc Plumb has
50: done
1.2 deraadt 51: <a href=http://insight.mcmaster.ca/org/efc/pages/doc/crypto-export.html>
1.31 aaron 52: some research to test the cryptographic laws</a>.
1.2 deraadt 53: <p>
1.1 deraadt 54:
1.3 deraadt 55: Hence the OpenBSD project has embedded cryptography into numerous places
56: in the operating system. We require that the cryptographic software we
57: use be <a href=policy.html>freely available and with good licenses</a>.
1.32 deraadt 58: We do not directly use cryptography with nasty patents.
1.13 deraadt 59: We also require that such software is from countries with useful export
1.16 deraadt 60: licenses because we do not wish to break the laws of any country.
61: The cryptographic software components which we use currently were
62: written in Argentina, Australia, Canada, Germany, Greece, Norway, and
63: Sweden.
64: <p>
1.7 deraadt 65:
1.15 deraadt 66: When we create OpenBSD releases or snapshots we build our release
67: binaries in free countries to assure that the sources and binaries we
68: provide to users are free of tainting. In the past our release binary
69: builds have been done in Canada, Sweden, and Germany.<p>
70:
1.16 deraadt 71: OpenBSD ships with Kerberos IV included. The codebase we use is the
1.17 deraadt 72: exportable KTH-based release from Sweden. Our X11 source has been
73: extended to make use of Kerberos IV as well. Kerberos V support will
1.16 deraadt 74: perhaps appear in 1999, but at present time a freely exportable
75: Kerberos V release does not exist.<p>
76:
1.15 deraadt 77: Today cryptography is an important means for enhancing the <a
78: href=security.html>security</a> of an operating system. The
1.42 deraadt 79: cryptography utilized in OpenBSD can be classified into various
80: aspects, described as follows.<p>
1.10 deraadt 81:
1.39 louis 82: <a name=ssh></a>
1.47 ! provos 83: <h3><font color=#e00000>OpenSSH</font></h3><p>
1.39 louis 84:
1.40 deraadt 85: What is the first thing most people do after installing OpenBSD?
1.46 deraadt 86: They install Secure Shell (
87: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssh>ssh</a>)
88: from the ports tree or the packages on the FTP sites. Until now, that is.<p>
1.39 louis 89:
1.47 ! provos 90: As of the upcoming 2.6 release, OpenBSD contains
! 91: OpenSSH, an absolutely free and patent unencumbered version of ssh.
! 92: OpenSSH interoperates with ssh version 1 and has many added features,
! 93: <ul>
! 94: <li>
! 95: all components of a restrictive nature (ie. patents, see
! 96: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssl>ssl</a>))
! 97: have been directly removed from the source code; any licensed or
! 98: patented components are chosen from external libraries.
! 99: </li>
! 100: <li>
! 101: has been updated to support ssh protocol 1.5.
! 102: </li>
! 103: <li>
! 104: contains added support for
! 105: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos>kerberos</a>
! 106: authentication and ticket passing.
! 107: </li>
! 108: <li>
! 109: supports one-time password authentication with
! 110: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=skey>skey</a>.
! 111: </li>
! 112: </ul>
! 113: <p>
! 114:
! 115: We took a free license release of ssh and OpenBSD-ifyed it. We
! 116: get around the USA-based RSA patent by providing an easy way to
! 117: automatically download and install a RSA-enabled package containing
! 118: shared library versions of libcrypto and libssl. These packages are
! 119: based on OpenSSL. People living outside the USA can freely use the
1.40 deraadt 120: RSA patented code, while people inside the USA can freely use it for
1.47 ! provos 121: non-commercial purposes. It appears as if companies inside the USA
! 122: can use the RSA libraries too, as long as RSA is not used in a profit
! 123: generating role.<p>
1.39 louis 124:
1.40 deraadt 125: But this way almost everyone will get ssh built-in.<p>
1.39 louis 126:
1.18 deraadt 127: <a name=prng></a>
1.42 deraadt 128: <h3><font color=#e00000>Pseudo Random Number Generators</font></h3><p>
1.32 deraadt 129:
1.10 deraadt 130: A Pseudo Random Number Generator (PRNG) provides applications with a stream of
131: numbers which have certain important properties for system security:<p>
132:
133: <ul>
1.11 deraadt 134: <li>It should be impossible for an outsider to predict the output of the
135: random number generator even with knowledge of previous output.
136: <li>The generated numbers should not have repeating patterns which means
137: the PRNG should have a very long cycle length.
1.10 deraadt 138: </ul>
1.32 deraadt 139: <p>
1.10 deraadt 140:
1.13 deraadt 141: A PRNG is normally just an algorithm where the same initial starting
142: values will yield the same sequence of outputs. On a multiuser
143: operating system there are many sources which allow seeding the PRNG
144: with random data. The OpenBSD kernel uses the mouse interrupt timing,
145: network data interrupt latency, inter-keypress timing and disk IO
146: information to fill an entropy pool. Random numbers are available for
147: kernel routines and are exported via devices to userland programs.
1.36 deraadt 148: So far random numbers are used in the following places:<p>
1.13 deraadt 149:
1.10 deraadt 150: <ul>
1.14 deraadt 151: <li>Dynamic sin_port allocation in bind(2).
152: <li>PIDs of processes.
1.26 aaron 153: <li>IP datagram IDs.
1.14 deraadt 154: <li>RPC transaction IDs (XID).
155: <li>NFS RPC transaction IDs (XID).
156: <li>DNS Query-IDs.
157: <li>Inode generation numbers, see getfh(2) and fsirand(8).
1.31 aaron 158: <li>Timing perturbance in traceroute(8).
1.14 deraadt 159: <li>Stronger temporary names for mktemp(3) and mkstemp(3)
160: <li>Randomness added to the TCP ISS value for protection against
161: spoofing attacks.
1.29 deraadt 162: <li>random padding in IPSEC esp_old packets.
1.14 deraadt 163: <li>To generate salts for the various password algorithms.
164: <li>For generating fake S/Key challenges.
1.44 provos 165: <li>In <a href=http://www.physnet.uni-hamburg.de/provos/photuris/>photurisd</a>
1.28 angelos 166: and <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd>isakmpd</a>
167: to provide liveness proof of key exchanges.
1.10 deraadt 168: </ul>
1.1 deraadt 169:
1.10 deraadt 170: <p>
1.18 deraadt 171: <a name=hash></a>
1.42 deraadt 172: <h3><font color=#e00000>Cryptographic Hash Functions</font></h3><p>
1.32 deraadt 173:
1.10 deraadt 174: A Hash Function compresses its input data to a string of
1.36 deraadt 175: constant size. For a Cryptographic Hash Function it is infeasible to find:
176:
1.1 deraadt 177: <ul>
1.11 deraadt 178: <li>two inputs which have the same output (collision resistant),
179: <li>a different input for a given input with the same output
180: (2nd preimage resistant).
1.1 deraadt 181: </ul>
1.32 deraadt 182: <p>
1.10 deraadt 183:
1.12 millert 184: In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions,
1.36 deraadt 185: e.g:<p>
1.10 deraadt 186: <ul>
1.27 deraadt 187: <li>In <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=skey>S/Key</a>
188: to provide one time passwords.
189: <li>In <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec>IPsec</a>,
1.44 provos 190: <a href=http://www.physnet.uni-hamburg.de/provos/photuris/>photurisd</a>
1.27 deraadt 191: and
192: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd>isakmpd(8)</a>
193: to authenticate the data origin of packets and to ensure packet integrity.
194: <li>For FreeBSD-style MD5 passwords (not enabled by default), see
195: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=passwd.conf&sektion=5>
196: passwd.conf(5)</a>
197: <li>For TCP SYN cookie support (not enabled by default), see
198: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4>
199: options(4)</a>
1.24 niklas 200: <li>In libssl for digital signing of messages.
1.10 deraadt 201: </ul>
1.32 deraadt 202: <p>
1.10 deraadt 203:
1.6 deraadt 204: <p>
1.18 deraadt 205: <a name=trans></a>
1.42 deraadt 206: <h3><font color=#e00000>Cryptographic Transforms</font></h3><p>
1.32 deraadt 207:
1.11 deraadt 208: Cryptographic Transforms are used to encrypt and decrypt data. These
209: are normally used with an encryption key for data encryption and with
210: a decryption key for data decryption. The security of a Cryptographic
211: Transform should rely only on the keying material.<p>
1.6 deraadt 212:
1.24 niklas 213: OpenBSD provides transforms like DES, 3DES, Blowfish and Cast for the
1.36 deraadt 214: kernel and userland programs, which are used in many places like:<p>
1.10 deraadt 215: <ul>
1.27 deraadt 216: <li>In libc for creating
217: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=blf_key>Blowfish</a>
1.33 deraadt 218: passwords. See also the <a href=papers/bcrypt-paper.ps>USENIX paper</a>
219: on this topic.
1.27 deraadt 220: <li>In
221: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec>IPsec</a>
222: to provide confidentiality for the network layer.
223: <li>In Kerberos and a handful of kerberized applications, like
224: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=telnet>telnet</a>,
225: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvs>cvs</a>,
226: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=rsh>rsh</a>,
227: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=rcp>rcp</a>,
228: and
229: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=rlogin>rlogin</a>.
1.44 provos 230: <li>In <a href=http://www.physnet.uni-hamburg.de/provos/photuris/>
1.27 deraadt 231: photurisd</a> and
232: <a href=http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd>isakmpd</a>
233: to protect the exchanges where IPsec key material is negotiated.
1.24 niklas 234: <li>In AFS to protect the messages passing over the network, providing
1.27 deraadt 235: confidentiality of remote filesystem access.
1.24 niklas 236: <li>In libssl to let applications communicate over the de-facto standard
237: cryptographically secure SSL protocol.
1.10 deraadt 238: </ul>
1.1 deraadt 239:
1.10 deraadt 240: <p>
1.32 deraadt 241: <a name=people></a>
1.42 deraadt 242: <h3><font color=#e00000>International Cryptographers Wanted</font></h3><p>
1.32 deraadt 243:
244: Of course, our project needs people to work on these systems. If any
245: non-American cryptographer who meets the constraints listed earlier is
246: interested in helping out with embedded cryptography in OpenBSD,
247: please contact us.<p>
248:
1.33 deraadt 249: <p>
250: <a name=papers></a>
1.42 deraadt 251: <h3><font color=#e00000>Further Reading</font></h3><p>
1.33 deraadt 252:
253: A number of papers have been written by OpenBSD team members, about
254: cryptographic changes they have done in OpenBSD. The postscript
1.34 deraadt 255: versions of these documents are available as follows.<p>
1.33 deraadt 256:
257: <ul>
1.43 deraadt 258: <li>A Future-Adaptable Password Scheme.<br>
259: by <a href=mailto:provos@openbsd.org>Niels Provos<a/>,
260: <a href=mailto:dm@openbsd.org>David Mazieres</a>.<br>
1.33 deraadt 261: <a href=papers/bcrypt-paper.ps>paper</a> and
262: <a href=papers/bcrypt-slides.ps>slides</a>.
1.43 deraadt 263: <p>
264: <li>Cryptography in OpenBSD: An Overview.<br>
265: by <a href=mailto:deraadt@openbsd.org>Theo de Raadt</a>,
266: <a href=mailto:niklas@openbsd.org>Niklas Hallqvist</a>,
267: <a href=mailto:art@openbsd.org>Artur Grabowski</a>,
268: <a href=mailto:angelos@openbsd.org>Angelos D. Keromytis</a>,
269: <a href=mailto:provos@openbsd.org>Niels Provos</a>.<br>
1.33 deraadt 270: <a href=papers/crypt-paper.ps>paper</a> and
271: <a href=papers/crypt-slides.ps>slides</a>.
272: </ul>
273:
1.32 deraadt 274: <p>
1.1 deraadt 275: <hr>
1.19 pauls 276: <a href=/index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.10 deraadt 277: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
278: <br>
1.47 ! provos 279: <small>$OpenBSD: crypto.html,v 1.46 1999/10/16 21:34:43 deraadt Exp $</small>
1.1 deraadt 280:
1.10 deraadt 281: </body>
282: </html>