File: [local] / www / crypto.html (download) (as text)
Revision 1.8, Sat Feb 21 00:42:36 1998 UTC (26 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +3 -2 lines
clarify these
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD Cryptography</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="OpenBSD Cryptography use">
<meta name="keywords" content="openbsd,main">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997 by OpenBSD.">
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
<img alt="[OpenBSD]" SRC="/images/smalltitle.gif">
<p>
<h3><font color=#e00000><strong>OpenBSD Cryptography</strong></font></h3>
The OpenBSD project is based in Canada.<p>
The <a href=http://axion.physics.ubc.ca/ECL.html>Export Control
List of Canada</a> places no significant restriction on the export of
cryptographic software, and is even more explicit about the free
export of freely-available cryptographic software. Marc Plumb has
done
<a href=http://insight.mcmaster.ca/org/efc/pages/doc/crypto-export.html>
some research to test the cryptographic laws.</a>
<p>
Hence the OpenBSD project has embedded cryptography into numerous places
in the operating system. We require that the cryptographic software we
use be <a href=policy.html>freely available and with good licenses</a>.
We do not use cryptography with nasty patents.
We also require that such software is from a countries with useful export
licenses because we do not wish to break the laws of any country.<p>
We use strong and weak crypto in different parts of the system:
<ul>
<li>Strong blowfish based password entries with 128-bit salt and a
strength-control mechanism for the system administrator.
<li>KerberosIV fully integrated.
<li>IPSEC with 10+ ciphers integrated into the OS.
<li>The IPSEC <http://wserver.physnet.uni-hamburg.de/provos/photuris/>
Photuris daemon.</a>
<li>Strong random number components are used in numerous places.
<li>All the normal DES code is in libc (where it belongs).
<li>DNS id pseudo-randomization.
<li>(What have I missed?)
</ul>
<p>
When we make OpenBSD releases or snapshots we do our build processes
in free countries to assure that the sources and binaries we provide
to users are free of tainting. In the past our release binary builds
have been done in Canada, Sweden, and Germany.<p>
<hr>
<font size="-1">
<em>This site Copyright © 1996-1998 OpenBSD.</em><br>
$OpenBSD: crypto.html,v 1.8 1998/02/21 00:42:36 deraadt Exp $
</font>
</BODY>
</HTML>
![[BACK]](/icons/back.gif){kind=icon}
Return to crypto.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www