The Export Control List of Canada places no significant restriction on the export of cryptographic software, and is even more explicit about the free export of freely-available cryptographic software. Marc Plumb has done some research to test the cryptographic laws.
Hence the OpenBSD project has embedded cryptography into numerous places in the operating system. We require that the cryptographic software we use be freely available and with good licenses. We do not use cryptography with nasty patents. We also require that such software be from countries with useful export licenses because we do not wish to break the laws of any country.
When we make OpenBSD releases or snapshots we do our build processes in free countries to ensure that the sources and binaries we provide to users are free of tainting. In the past our release binary builds have been done in Canada, Sweden, and Germany.
Today cryptography is an important means of enhancing the security of an operating system. The cryptography utilized in OpenBSD can be classified into three different aspects:
Pseudo Random Number Generators
A Pseudo Random Number Generator (PRNG) provides applications with a stream of
numbers which have certain important properties for system security:
A PRNG is normally just an algorithm where the same initial
starting values will yield the same output. On a multiuser operating
system there are many sources which allow seeding the PRNG with random
data. The OpenBSD kernel uses the mouse interrupt timing, network data
interrupt latency, inter-keypress timing and disk IO information to
fill an entropy pool. Random numbers are available for kernel
routines and are exported via devices to userland programs.
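The point above, that a PRNG replays the same output from the same starting values and so depends on unpredictable seeding, shown as an added example (not OpenBSD's code). The pool, the mixing step and the LCG are toy stand-ins chosen for illustration, and the timing values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy entropy pool (assumption, not the kernel's): four words fed by event timings. */
struct pool { uint32_t w[4]; unsigned pos; };

/* Fold one timing sample, e.g. microseconds between two keypresses. */
void pool_mix(struct pool *p, uint32_t sample)
{
    uint32_t *slot = &p->w[p->pos++ % 4];
    *slot = ((*slot << 5) | (*slot >> 27)) ^ sample;  /* rotate, then XOR in */
}

/* Collapse the pool into a 32-bit seed (FNV-1a style fold, not a real hash). */
uint32_t pool_extract(const struct pool *p)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 4; i++)
        h = (h ^ p->w[i]) * 16777619u;
    return h;
}

/* Deterministic generator: a textbook LCG standing in for "just an algorithm". */
uint32_t prng_next(uint32_t *state)
{
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

uint32_t seed_from_timings(const uint32_t *t, size_t n)
{
    struct pool p = { {0, 0, 0, 0}, 0 };
    for (size_t i = 0; i < n; i++)
        pool_mix(&p, t[i]);
    return pool_extract(&p);
}

int main(void)
{
    /* Constructed sample timings; the two runs differ in a single event. */
    const uint32_t run1[4] = { 1312, 87, 40213, 9 };
    const uint32_t run2[4] = { 1312, 87, 40213, 10 };
    uint32_t a = 42, b = 42;  /* fixed seed: both streams are identical */
    uint32_t s1 = seed_from_timings(run1, 4), s2 = seed_from_timings(run2, 4);
    printf("fixed seed:  %08x %08x\n", (unsigned)prng_next(&a), (unsigned)prng_next(&b));
    printf("timing seed: %08x %08x\n", (unsigned)prng_next(&s1), (unsigned)prng_next(&s2));
    return 0;
}
```

A real system uses a cryptographic mixing function and generator; the toy versions here only make the dependence on the seed visible.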
In OpenBSD random numbers are used in many places, such as
Cryptographic Hash Functions
A Hash Function compresses its input data to a string of
constant size. For a Cryptographic Hash Function it is infeasible to find
In OpenBSD MD5 and SHA1 are used as Cryptographic Hash Functions, e.g.
Cryptographic Transforms
Cryptographic Transforms are used to encrypt and decrypt data. They are
normally provided with an encryption key for data encryption and with a
decryption key for data decryption. The security of a Cryptographic Transform
should rely only on the keying material.
OpenBSD provides, e.g. DES and Blowfish encryption for the kernel and userland
programs, which are used, e.g.
www@openbsd.org
$OpenBSD: crypto.html,v 1.10 1998/02/23 18:36:03 deraadt Exp $