File: [local] / www / papers / crypt-slides.ps (download)

Revision 1.1, Tue Jun 15 02:21:25 1999 UTC (24 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: HEAD

more usenix slides

%!PS-Adobe-3.0
%%Creator: groff version 1.11
%%CreationDate: Thu Jun 10 09:20:28 1999
%%DocumentNeededResources: font Palatino-Bold
%%+ font Times-Roman
%%+ font Courier
%%DocumentSuppliedResources: procset grops 1.11 0
%%Pages: 19
%%PageOrder: Ascend
%%Orientation: Landscape
%%EndComments
%%BeginProlog
%%BeginResource: procset grops 1.11 0
/setpacking where{
pop
currentpacking
true setpacking
}if
/grops 120 dict dup begin
/SC 32 def
/A/show load def
/B{0 SC 3 -1 roll widthshow}bind def
/C{0 exch ashow}bind def
/D{0 exch 0 SC 5 2 roll awidthshow}bind def
/E{0 rmoveto show}bind def
/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
/G{0 rmoveto 0 exch ashow}bind def
/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/I{0 exch rmoveto show}bind def
/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
/K{0 exch rmoveto 0 exch ashow}bind def
/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/M{rmoveto show}bind def
/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
/O{rmoveto 0 exch ashow}bind def
/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/Q{moveto show}bind def
/R{moveto 0 SC 3 -1 roll widthshow}bind def
/S{moveto 0 exch ashow}bind def
/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/SF{
findfont exch
[exch dup 0 exch 0 exch neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/MF{
findfont
[5 2 roll
0 3 1 roll
neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/level0 0 def
/RES 0 def
/PL 0 def
/LS 0 def
/MANUAL{
statusdict begin/manualfeed true store end
}bind def
/PLG{
gsave newpath clippath pathbbox grestore
exch pop add exch pop
}bind def
/BP{
/level0 save def
1 setlinecap
1 setlinejoin
72 RES div dup scale
LS{
90 rotate
}{
0 PL translate
}ifelse
1 -1 scale
}bind def
/EP{
level0 restore
showpage
}bind def
/DA{
newpath arcn stroke
}bind def
/SN{
transform
.25 sub exch .25 sub exch
round .25 add exch round .25 add exch
itransform
}bind def
/DL{
SN
moveto
SN
lineto stroke
}bind def
/DC{
newpath 0 360 arc closepath
}bind def
/TM matrix def
/DE{
TM currentmatrix pop
translate scale newpath 0 0 .5 0 360 arc closepath
TM setmatrix
}bind def
/RC/rcurveto load def
/RL/rlineto load def
/ST/stroke load def
/MT/moveto load def
/CL/closepath load def
/FL{
currentgray exch setgray fill setgray
}bind def
/BL/fill load def
/LW/setlinewidth load def
/RE{
findfont
dup maxlength 1 index/FontName known not{1 add}if dict begin
{
1 index/FID ne{def}{pop pop}ifelse
}forall
/Encoding exch def
dup/FontName exch def
currentdict end definefont pop
}bind def
/DEFS 0 def
/EBEGIN{
moveto
DEFS begin
}bind def
/EEND/end load def
/CNT 0 def
/level1 0 def
/PBEGIN{
/level1 save def
translate
div 3 1 roll div exch scale
neg exch neg exch translate
0 setgray
0 setlinecap
1 setlinewidth
0 setlinejoin
10 setmiterlimit
[]0 setdash
/setstrokeadjust where{
pop
false setstrokeadjust
}if
/setoverprint where{
pop
false setoverprint
}if
newpath
/CNT countdictstack def
userdict begin
/showpage{}def
}bind def
/PEND{
clear
countdictstack CNT sub{end}repeat
level1 restore
}bind def
end def
/setpacking where{
pop
setpacking
}if
%%EndResource
%%IncludeResource: font Palatino-Bold
%%IncludeResource: font Times-Roman
%%IncludeResource: font Courier
grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
def/PL 792 def/LS true def/ENC0[/asciicircum/asciitilde/Scaron/Zcaron
/scaron/zcaron/Ydieresis/trademark/quotesingle/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
/Courier@0 ENC0/Courier RE/Times-Roman@0 ENC0/Times-Roman RE
/Palatino-Bold@0 ENC0/Palatino-Bold RE
%%EndProlog
%%Page: 1 1
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Cryptography in OpenBSD: An overview)179.087
141 Q(Theo de Raadt)319.973 210 Q(Niklas Hallqvist)308.83 233 Q
(Artur Grabowski)305.61 256 Q(Angelos D. Keromytis)279.401 279 Q
(Niels Provos)329.242 302 Q
({deraadt,niklas,art,angelos,provos}@openbsd.org)141.022 348 Q .012 LW
72.012 504.001 72.012 108.001 DL 108.012 504.001 36 -180.0000 90.0000 DA
273.612 540.001 108.012 540.001 DL 317.973 540.001 273.612 540.001 DL
633.261 540.001 474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA
720.012 108.001 720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA
108.012 72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA
/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G
2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 1)712.8 588 Q EP
%%Page: 2 2
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Cryptography in Operating Systems: T)168.231
95 Q(oday)-2.553 E(Cryptography does not necessarily provide security)
108 164 Q(..)-2.116 E
(But without hard and reliable security mechanisms,)108 210 Q
(crypto is often the only tool available in some \214elds,)108 233 Q
(ie. network "security")108 256 Q
(Crypto provides solutions for certain problems that)108 302 Q
(cannot be solved in other ways.)108 325 Q -2.553(To)108 371 S(day)2.553
E 5.75(,m)-2.116 G(ost systems ship with no cryptography)-5.75 E
(Some systems ship with very limited cryptography)108 417 Q 5.75(,i)
-2.116 G(e.)-5.75 E(DES or MD5 for authentication of passwords)108 440 Q
.012 LW 72.012 504.001 72.012 108.001 DL 108.012 504.001 36 -180.0000
90.0000 DA 273.612 540.001 108.012 540.001 DL 317.973 540.001 273.612
540.001 DL 633.261 540.001 474.051 540.001 DL 684.012 504.001 36 90.0000
0.0000 DA 720.012 108.001 720.012 504.001 DL 684.012 108.001 36 0.0000
-90.0000 DA 108.012 72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000
180.0000 DA/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)
-.045 G 2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)
-.225 G(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 2)712.8 588 Q EP
%%Page: 3 3
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Why?)365.973 95 Q
(All major operating systems are "shipped" from USA)108 141 Q
(... except for 2 or so \(OpenBSD, QNX; as far as I know\))108 164 Q
(Meanwhile non-USA Linux distributions wish to)108 210 Q
(avoid greater incompatibility with their USA)108 233 Q(counterparts)108
256 Q(It')108 302 Q 5.75(sm)-1.265 G
(ay be a world of USA software, but it is a)-5.75 E
(WORLD market... so no crypto)108 325 Q
(Many groups are forced to come up with clever ways)108 371 Q
(to by-pass the laws..)108 394 Q .012 LW 72.012 504.001 72.012 108.001
DL 108.012 504.001 36 -180.0000 90.0000 DA 273.612 540.001 108.012
540.001 DL 317.973 540.001 273.612 540.001 DL 633.261 540.001 474.051
540.001 DL 684.012 504.001 36 90.0000 0.0000 DA 720.012 108.001 720.012
504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA 108.012 72.001 684.012
72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA/F1 9/Times-Roman@0 SF
(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G 2.25(nO)-2.25 G
(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G(un 10, 1999)
-163.71 E/F2 14/Courier@0 SF(Page 3)712.8 588 Q EP
%%Page: 4 4
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Those darn pesky laws...)266.958 95 Q(IT)108
141 Q(AR prohibits export of cryptography from the USA,)-2.116 E
(but permits export of cryptography to Canada)108 164 Q
(Canada permits export of cryptography \(though a few)108 210 Q
(cases require registration\).)108 233 Q(However)11.5 E 5.75(,")-1.265 G
(free" types are)-5.75 E(always permitted)108 256 Q
(France: restrictive until recently; new rules USA-like)108 302 Q
(Germany: making statements about greater freedom)108 325 Q
(UK, Russia, Sweden: waddling)108 348 Q 3.404 -1.702(We s)108 394 T
(hip from Canada, and use only crypto from)1.702 E
(countries which satisfy our own rules of "free)108 417 Q(enough".)108
440 Q .012 LW 72.012 504.001 72.012 108.001 DL 108.012 504.001 36
-180.0000 90.0000 DA 273.612 540.001 108.012 540.001 DL 317.973 540.001
273.612 540.001 DL 633.261 540.001 474.051 540.001 DL 684.012 504.001 36
90.0000 0.0000 DA 720.012 108.001 720.012 504.001 DL 684.012 108.001 36
0.0000 -90.0000 DA 108.012 72.001 684.012 72.001 DL 108.012 108.001 36
-90.0000 180.0000 DA/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q
2.25(yi)-.045 G 2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E
163.71(wJ)-.225 G(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 4)712.8
588 Q EP
%%Page: 5 5
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(From where?)327.954 95 Q(Australia)108 141 Q
(Sweden)108 164 Q(Norway)108 187 Q(Germany)108 210 Q(Greece)108 233 Q
(Canada)108 256 Q(Denmark)108 279 Q(Finland)108 302 Q(UK)108 325 Q .012
LW 72.012 504.001 72.012 108.001 DL 108.012 504.001 36 -180.0000 90.0000
DA 273.612 540.001 108.012 540.001 DL 317.973 540.001 273.612 540.001 DL
633.261 540.001 474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA
720.012 108.001 720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA
108.012 72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA
/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G
2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 5)712.8 588 Q EP
%%Page: 6 6
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(And patents...)323.182 95 Q(In particular)108
141 Q 5.75(,R)-1.265 G(SA and their nasty lawyers.)-5.75 E
(Require a licence for commercial use of the RSA)108 187 Q
(algorithm within USA)108 210 Q 3.404 -1.702(We c)108 256 T
(annot use IDEA either)1.702 E 11.5(.M)-1.265 G(ore nasty lawyers.)-11.5
E(So... we use a trick to avoid the RSA licensing)108 302 Q(problem.)108
325 Q .012 LW 72.012 504.001 72.012 108.001 DL 108.012 504.001 36
-180.0000 90.0000 DA 273.612 540.001 108.012 540.001 DL 317.973 540.001
273.612 540.001 DL 633.261 540.001 474.051 540.001 DL 684.012 504.001 36
90.0000 0.0000 DA 720.012 108.001 720.012 504.001 DL 684.012 108.001 36
0.0000 -90.0000 DA 108.012 72.001 684.012 72.001 DL 108.012 108.001 36
-90.0000 180.0000 DA/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q
2.25(yi)-.045 G 2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E
163.71(wJ)-.225 G(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 6)712.8
588 Q EP
%%Page: 7 7
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(And the tie in to security)266.015 95 Q
(Our project places much emphasis on security)108 141 Q 5.106 -2.553
(To i)108 187 T(mprove security)2.553 E 5.75(,w)-2.116 G 5.75(ee)-5.75 G
(xpend signi\214cant ef)-5.75 E(fort)-.414 E(doing)108 210 Q 10.8<8345>
119.262 256 S -.414(ff)-10.8 G
(orts to repair problems as quickly as possible).414 E 10.8<8344>119.262
279 S(esign analysis)-10.8 E 10.8<8353>119.262 302 S(ource code audits)
-10.8 E(It would be irresponsible if we did not investigate)108 348 Q
(cryptographic solutions)119.5 371 Q .012 LW 72.012 504.001 72.012
108.001 DL 108.012 504.001 36 -180.0000 90.0000 DA 273.612 540.001
108.012 540.001 DL 317.973 540.001 273.612 540.001 DL 633.261 540.001
474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA 720.012 108.001
720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA 108.012 72.001
684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA/F1 9
/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G 2.25(nO)
-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 7)712.8 588 Q EP
%%Page: 8 8
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(So where does the crypto go)248.731 95 Q(SSH)
108 141 Q(SSL)108 164 Q(IPSEC)108 187 Q(IKE, photuris)131 210 Q
(DES, 3DES, Cast-128, Blow\214sh, Skipjack)131 233 Q
(MD5, SHA1, RIPEMD160)131 256 Q(Kerberos IV)108 279 Q(S/Key)108 302 Q
(strong and pseudo random numbers)108 325 Q(Secure storage)108 348 Q
(bcrypt)108 371 Q(In essence, little bits of it all over the place.)108
440 Q .012 LW 72.012 504.001 72.012 108.001 DL 108.012 504.001 36
-180.0000 90.0000 DA 273.612 540.001 108.012 540.001 DL 317.973 540.001
273.612 540.001 DL 633.261 540.001 474.051 540.001 DL 684.012 504.001 36
90.0000 0.0000 DA 720.012 108.001 720.012 504.001 DL 684.012 108.001 36
0.0000 -90.0000 DA 108.012 72.001 684.012 72.001 DL 108.012 108.001 36
-90.0000 180.0000 DA/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q
2.25(yi)-.045 G 2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E
163.71(wJ)-.225 G(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 8)712.8
588 Q EP
%%Page: 9 9
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(SSH)372.367 95 Q
(ssh v1 uses RSA code; besides... it is not really free)108 141 Q(code)
108 164 Q(ssh v2 can use other algorithms... even more restrictive)108
210 Q(licensing)108 233 Q(No free high-quality versions available yet.)
108 279 Q 3.404 -1.702(We W)108 325 T
(ISH there was a good free version!)1.702 E(However)108 371 Q 5.75(,w)
-1.265 G 5.75(ei)-5.75 G(nclude a package for each architecture)-5.75 E
(on our FTP sites, since we cannot include it on the CD.)108 394 Q .012
LW 72.012 504.001 72.012 108.001 DL 108.012 504.001 36 -180.0000 90.0000
DA 273.612 540.001 108.012 540.001 DL 317.973 540.001 273.612 540.001 DL
633.261 540.001 474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA
720.012 108.001 720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA
108.012 72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA
/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G
2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 9)712.8 588 Q EP
%%Page: 10 10
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(SSL \(Secure Sockets Layer\))253.871 95 Q
3.404 -1.702(We u)108 141 T(se SSLEA)1.702 E 2.53 -1.265(Y: a m)-2.553 H
(odern library supporting SSL2,)1.265 E(SSL3, and TLS)108 164 Q
(OpenSSL... the same thing but maintained)108 210 Q
(Commonly used to implement the "https" service)108 256 Q
(But also can be used for other things; our IPSEC IKE)108 302 Q
(daemon will link against it in the next release.)108 325 Q
(The library implements the unpatented and free DSA)108 371 Q
(algorithm, but SSLEA)108 394 Q 5.75(Ya)-2.553 G(lso does RSA -- which)
-5.75 E(prevents us from entering the USA market...)108 417 Q
(So we use a shared library trick to avoid the RSA)108 463 Q(issue.)108
486 Q .012 LW 72.012 504.001 72.012 108.001 DL 108.012 504.001 36
-180.0000 90.0000 DA 273.612 540.001 108.012 540.001 DL 317.973 540.001
273.612 540.001 DL 633.261 540.001 474.051 540.001 DL 684.012 504.001 36
90.0000 0.0000 DA 720.012 108.001 720.012 504.001 DL 684.012 108.001 36
0.0000 -90.0000 DA 108.012 72.001 684.012 72.001 DL 108.012 108.001 36
-90.0000 180.0000 DA/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q
2.25(yi)-.045 G 2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E
163.71(wJ)-.225 G(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 10)704.4
588 Q EP
%%Page: 11 11
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(IPSEC)362.144 95 Q
(Network layer security mechanism which can be used)108 141 Q
(in a variety of ways, ie. end-to-end, VPNs, etc.)108 164 Q
(Still being worked on at IETF: we are following all)108 210 Q
(developments, and sometimes leading)108 233 Q 3.404 -1.702(We h)108 279
T(ave: tunnel and transport mode, easy VPNs,)1.702 E
(photuris and isakmpd \(IKE\), all standard)108 302 Q
(cryptographic algorithms, and more)108 325 Q
(Security policy mechanisms being worked on)108 371 Q
(IPSEC matches our security goals very closely)108 417 Q 5.75(,s)-2.116
G 5.75(oo)-5.75 G(ur)-5.75 E
(developers spend a lot of time on this area)108 440 Q .012 LW 72.012
504.001 72.012 108.001 DL 108.012 504.001 36 -180.0000 90.0000 DA
273.612 540.001 108.012 540.001 DL 317.973 540.001 273.612 540.001 DL
633.261 540.001 474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA
720.012 108.001 720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA
108.012 72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA
/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G
2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 11)704.4 588 Q EP
%%Page: 12 12
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Kerberos IV)331.784 95 Q(Primarily uses DES)
108 141 Q(K4 instead of K5... ours is from Sweden, but K5 is only)108
187 Q(from USA)108 210 Q 5.75(AK)108 256 S 5.75(5c)-5.75 G
(lone is under development in Sweden.. but not)-5.75 E(ready yet)108 279
Q(Besides speci\214c Kerberos tools, the following utilities)108 325 Q
(use Kerberos)108 348 Q
(login, xdm, su, rlogin[d], rsh[d], telnet[d], kx,)131 394 Q
(cvs, sudo, xlock, ...)131 417 Q .012 LW 72.012 504.001 72.012 108.001
DL 108.012 504.001 36 -180.0000 90.0000 DA 273.612 540.001 108.012
540.001 DL 317.973 540.001 273.612 540.001 DL 633.261 540.001 474.051
540.001 DL 684.012 504.001 36 90.0000 0.0000 DA 720.012 108.001 720.012
504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA 108.012 72.001 684.012
72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA/F1 9/Times-Roman@0 SF
(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G 2.25(nO)-2.25 G
(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G(un 10, 1999)
-163.71 E/F2 14/Courier@0 SF(Page 12)704.4 588 Q EP
%%Page: 13 13
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(S/Key)364.478 95 Q
(Our S/Key has been improved to match the)108 141 Q
(functionality of "opie")108 164 Q
(Uses MD4, MD5, SHA1, or RIPEMD-160 hashes)108 210 Q(RFC1938 compliant)
108 256 Q(S/Key is useful when other cryptographic mechanisms)108 302 Q
(are not trusted or available \(but... session snooping)108 325 Q
(and hijacking are still threats\))108 348 Q .012 LW 72.012 504.001
72.012 108.001 DL 108.012 504.001 36 -180.0000 90.0000 DA 273.612
540.001 108.012 540.001 DL 317.973 540.001 273.612 540.001 DL 633.261
540.001 474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA 720.012
108.001 720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA 108.012
72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA/F1 9
/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G 2.25(nO)
-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 13)704.4 588 Q EP
%%Page: 14 14
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Randomness)328.288 95 Q
(For proper operation, our system often needs random)108 141 Q
(numbers of various characteristics and strengths)108 164 Q
(Kernel collects interrupt information and sustains an)108 210 Q
(entropy pool, to provide data to)108 233 Q
(seed cryptographic functions,)108 279 Q
(provide numbers for use as transaction ids,)108 302 Q
(use for whatever purpose the kernel or userland may)108 325 Q(want.)108
348 Q 5.75(An)108 394 S(umber of useful interfaces are described in the)
-5.75 E(paper)108 417 Q(.)-1.265 E .012 LW 72.012 504.001 72.012 108.001
DL 108.012 504.001 36 -180.0000 90.0000 DA 273.612 540.001 108.012
540.001 DL 317.973 540.001 273.612 540.001 DL 633.261 540.001 474.051
540.001 DL 684.012 504.001 36 90.0000 0.0000 DA 720.012 108.001 720.012
504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA 108.012 72.001 684.012
72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA/F1 9/Times-Roman@0 SF
(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G 2.25(nO)-2.25 G
(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G(un 10, 1999)
-163.71 E/F2 14/Courier@0 SF(Page 14)704.4 588 Q EP
%%Page: 15 15
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Non-Repeating Randomness)244.924 95 Q 3.404
-1.702(We n)108 141 T(eeded to make DNS packet id')1.702 E 5.75(sm)
-1.265 G(ore random,)-5.75 E
(due to a trivial spoo\214ng attack \(1, 2, 3 .. is bad\))108 164 Q
(16 bit space: 15 bits are non-repeating random, high bit)108 210 Q
(toggles when 15 bits are exhausted and re-seeded)108 233 Q
(Makes DNS packets signi\214cantly harder to spoof)108 279 Q
(Same idea used to make IP ip_id stronger and harder)108 325 Q(to spoof)
108 348 Q .012 LW 72.012 504.001 72.012 108.001 DL 108.012 504.001 36
-180.0000 90.0000 DA 273.612 540.001 108.012 540.001 DL 317.973 540.001
273.612 540.001 DL 633.261 540.001 474.051 540.001 DL 684.012 504.001 36
90.0000 0.0000 DA 720.012 108.001 720.012 504.001 DL 684.012 108.001 36
0.0000 -90.0000 DA 108.012 72.001 684.012 72.001 DL 108.012 108.001 36
-90.0000 180.0000 DA/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q
2.25(yi)-.045 G 2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E
163.71(wJ)-.225 G(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 15)704.4
588 Q EP
%%Page: 16 16
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(More random places to use randomness)188.057
95 Q(Port numbers in the bind\(2\) system call)108 141 Q(Process ID')108
187 Q(s)-1.265 E(RPC and NFS RPC XID')108 233 Q(s)-1.265 E
(TCP ISS value)108 279 Q
(Inode generation numbers \(stronger \214lehandles\))108 325 Q
(For stronger random names in mktemp\(3\))108 371 Q
(And a whole lot more...)108 417 Q .012 LW 72.012 504.001 72.012 108.001
DL 108.012 504.001 36 -180.0000 90.0000 DA 273.612 540.001 108.012
540.001 DL 317.973 540.001 273.612 540.001 DL 633.261 540.001 474.051
540.001 DL 684.012 504.001 36 90.0000 0.0000 DA 720.012 108.001 720.012
504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA 108.012 72.001 684.012
72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA/F1 9/Times-Roman@0 SF
(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G 2.25(nO)-2.25 G
(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G(un 10, 1999)
-163.71 E/F2 14/Courier@0 SF(Page 16)704.4 588 Q EP
%%Page: 17 17
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Secure Storage)318.375 95 Q 3.404 -1.702(We d)
108 141 T 5.75(on)1.702 G(ot have a crypto \214lesystem.)-5.75 E
(CFS works, but that is not an ideal solution.)108 187 Q
(Developers are looking into it, but a quality encrypted)108 233 Q
(\214lesystem is not as easy as simply encrypting the data)108 256 Q
(\(ie. issues regarding meta data, directories, fsck, etc\))108 279 Q
(Secure logging ef)108 325 Q(forts also underway)-.414 E .012 LW 72.012
504.001 72.012 108.001 DL 108.012 504.001 36 -180.0000 90.0000 DA
273.612 540.001 108.012 540.001 DL 317.973 540.001 273.612 540.001 DL
633.261 540.001 474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA
720.012 108.001 720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA
108.012 72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA
/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G
2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 17)704.4 588 Q EP
%%Page: 18 18
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(bcrypt)380.144 95 Q
(The unix password system is hopelessly antiquated.)108 141 Q
(This problem was attacked by Niels Provos, who will)108 187 Q
(describe his work in the next talk.)108 210 Q .012 LW 72.012 504.001
72.012 108.001 DL 108.012 504.001 36 -180.0000 90.0000 DA 273.612
540.001 108.012 540.001 DL 317.973 540.001 273.612 540.001 DL 633.261
540.001 474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA 720.012
108.001 720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA 108.012
72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA/F1 9
/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G 2.25(nO)
-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 18)704.4 588 Q EP
%%Page: 19 19
%%BeginPageSetup
BP
%%EndPageSetup
/F0 23/Palatino-Bold@0 SF(Conclusions)330.852 95 Q
(If you expect to see a particular piece of cryptographic)108 141 Q
(software in an operating system, look here \214rst.)108 164 Q
(Our cryptography ef)108 210 Q(forts stress integration, not add-)-.414
E(ons.)108 233 Q(If you are a non-USA cryptographer who believes in)108
279 Q(integrated crypto, we want to hear from you.)108 302 Q .012 LW
72.012 504.001 72.012 108.001 DL 108.012 504.001 36 -180.0000 90.0000 DA
273.612 540.001 108.012 540.001 DL 317.973 540.001 273.612 540.001 DL
633.261 540.001 474.051 540.001 DL 684.012 504.001 36 90.0000 0.0000 DA
720.012 108.001 720.012 504.001 DL 684.012 108.001 36 0.0000 -90.0000 DA
108.012 72.001 684.012 72.001 DL 108.012 108.001 36 -90.0000 180.0000 DA
/F1 9/Times-Roman@0 SF(Cryptograph)320.211 543.001 Q 2.25(yi)-.045 G
2.25(nO)-2.25 G(penBSD: An Ov)-2.25 E(ervie)-.135 E 163.71(wJ)-.225 G
(un 10, 1999)-163.71 E/F2 14/Courier@0 SF(Page 19)704.4 588 Q EP
%%Trailer
end
%%EOF
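
The "Non-Repeating Randomness" slide (page 15) describes a 16-bit ID made of 15 non-repeating random bits plus a high bit that toggles at each reseed. The C code below is an added example, not taken from the slides or from OpenBSD's source: it assumes a Fisher-Yates shuffle of the 15-bit space fed from `/dev/urandom` as the non-repeating generator, and the names `idgen`, `idgen_next` and `idgen_min_reuse_gap` are hypothetical.

```c
/* Added example (not OpenBSD's code); all names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ID_COUNT 32768u             /* 2^15 values per epoch */

struct idgen {                      /* zero-initialise before first use */
    uint16_t perm[ID_COUNT];        /* shuffled 0..32767 for this epoch */
    uint32_t left;                  /* unused entries left in this epoch */
    uint16_t msb;                   /* 0x0000 or 0x8000 */
    FILE    *rnd;                   /* kernel random source */
};

/* Unbiased random integer in [0, n), 1 <= n <= 65536, by rejection. */
static int rand_below(FILE *rnd, uint32_t n, uint32_t *out)
{
    uint32_t r, limit = 65536u - (65536u % n);
    unsigned char b[2];
    do {
        if (fread(b, 1, 2, rnd) != 2)
            return -1;
        r = ((uint32_t)b[0] << 8) | b[1];
    } while (r >= limit);
    *out = r % n;
    return 0;
}

/* New epoch: inside-out Fisher-Yates shuffle, then flip the high bit. */
static int idgen_reseed(struct idgen *g)
{
    uint32_t i, j;
    if (g->rnd == NULL && (g->rnd = fopen("/dev/urandom", "rb")) == NULL)
        return -1;
    for (i = 0; i < ID_COUNT; i++) {
        if (rand_below(g->rnd, i + 1, &j) != 0)
            return -1;
        g->perm[i] = g->perm[j];
        g->perm[j] = (uint16_t)i;
    }
    g->msb ^= 0x8000;
    g->left = ID_COUNT;
    return 0;
}

/* Stores the next ID and returns 0, or -1 if the random source failed. */
int idgen_next(struct idgen *g, uint16_t *id)
{
    if (g->left == 0 && idgen_reseed(g) != 0)
        return -1;
    *id = (uint16_t)(g->msb | g->perm[--g->left]);
    return 0;
}

/* Draw count IDs; return the smallest distance between two uses of the
 * same value (0 if none repeated, -1 on error). */
long idgen_min_reuse_gap(struct idgen *g, uint32_t count)
{
    static uint32_t last[65536];    /* 1-based position of last use */
    long min_gap = 0;
    uint32_t n;
    uint16_t id;
    memset(last, 0, sizeof(last));
    for (n = 1; n <= count; n++) {
        if (idgen_next(g, &id) != 0)
            return -1;
        if (last[id] && (min_gap == 0 || (long)(n - last[id]) < min_gap))
            min_gap = (long)(n - last[id]);
        last[id] = n;
    }
    return min_gap;
}

int main(void)
{
    static struct idgen g;          /* zeroed; 64 KB, so not on the stack */
    printf("min reuse gap over 4 epochs: %ld\n",
        idgen_min_reuse_gap(&g, 4 * ID_COUNT));
    return 0;
}
```

Because consecutive epochs differ in the high bit, a value can only come back two epochs later, so at least 32768 other IDs are issued before any ID is reused.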