"The mantra of any good security engineer is: "Security is not a product, but a process." It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together."

-- Bruce Schneier, author of "Applied Cryptography".


Why do we ship cryptography?.
Pseudo Random Number Generators (PRNG): ARC4, ...
Cryptographic Hash Functions: MD5, SHA1, ...
Cryptographic Transforms: DES, Blowfish, ...
Cryptographic Hardware support
International Cryptographers wanted
Further Reading

Why do we ship cryptography?

In three words: because we can.

The OpenBSD project is based in Canada.

The Export Control List of Canada places no significant restriction on the export of cryptographic software, and is even more explicit about the free export of freely-available cryptographic software. Marc Plumb has done some research to test the cryptographic laws.

Hence the OpenBSD project has embedded cryptography into numerous places in the operating system. We require that the cryptographic software we use be freely available and with good licenses. We do not directly use cryptography with nasty patents. We also require that such software is from countries with useful export licenses because we do not wish to break the laws of any country. The cryptographic software components which we use currently were written in Argentina, Australia, Canada, Germany, Greece, Norway, and Sweden.

When we create OpenBSD releases or snapshots we build our release binaries in free countries to assure that the sources and binaries we provide to users are free of tainting. In the past our release binary builds have been done in Canada, Sweden, and Germany.

OpenBSD ships with Kerberos IV included. The codebase we use is the exportable KTH-based release from Sweden. Our X11 source has been extended to make use of Kerberos IV as well. Kerberos V support will appear sometime in 2000, but at present time a freely exportable Kerberos V release does not exist.

OpenBSD was the first operating system to ship with an IPSEC stack. We've been including IPSEC since early OpenBSD 2.1 release in 1997. Our fully conformant in-kernel IPSEC stack, with hardware acceleration based on a number of cards, and our own free ISAKMP daemon, is used as one of the machines in the IPSEC conformance testbed run by VPNC.

Today cryptography is an important means for enhancing the security of an operating system. The cryptography utilized in OpenBSD can be classified into various aspects, described as follows.


What is the first thing most people do after installing OpenBSD? They install Secure Shell (ssh) from the ports tree or the packages on the FTP sites. Until now, that is.

As of the 2.6 release, OpenBSD contains OpenSSH, an absolutely free and patent unencumbered version of ssh. As of the OpenBSD 2.6 release date, OpenSSH interoperated with ssh version 1 and had many added features,

Roughly, we took a free license release of ssh and OpenBSD-ifyed it. We get around the USA-based RSA patent by providing an easy way to automatically download and install a RSA-enabled package containing shared library versions of libcrypto and libssl. These packages are based on OpenSSL. People living outside the USA can freely use the RSA patented code, while people inside the USA can freely use it for non-commercial purposes. It appears as if companies inside the USA can use the RSA libraries too, as long as RSA is not used in a profit generating role.

But this way almost everyone will get ssh built into their OS.

NEW! OpenSSH supports protocol 2.0!

Recently, we have extended OpenSSH so that it also does SSH 2 protocol. Having a ssh daemon which can do all 3 major SSH protocols (1.3, 1.5, 2.0) permits us much flexibility. Protocol 2.0 does not use RSA for it's public key cryptography, relying instead on the DH and DSA algorithms. In OpenBSD 2.7 -- which will ship with the new OpenSSH -- you get protocol 2.0 support right out of the box! If you wish to also support protocol 1.3 and 1.5, you simply add the RSA package (as described our ssl manual page), and restart the daemon.

Pseudo Random Number Generators

A Pseudo Random Number Generator (PRNG) provides applications with a stream of numbers which have certain important properties for system security:

A PRNG is normally just an algorithm where the same initial starting values will yield the same sequence of outputs. On a multiuser operating system there are many sources which allow seeding the PRNG with random data. The OpenBSD kernel uses the mouse interrupt timing, network data interrupt latency, inter-keypress timing and disk IO information to fill an entropy pool. Random numbers are available for kernel routines and are exported via devices to userland programs. So far random numbers are used in the following places:

Cryptographic Hash Functions

A Hash Function compresses its input data to a string of constant size. For a Cryptographic Hash Function it is infeasible to find:

In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, e.g:

Cryptographic Transforms

Cryptographic Transforms are used to encrypt and decrypt data. These are normally used with an encryption key for data encryption and with a decryption key for data decryption. The security of a Cryptographic Transform should rely only on the keying material.

OpenBSD provides transforms like DES, 3DES, Blowfish and Cast for the kernel and userland programs, which are used in many places like:

Cryptographic Hardware Support

OpenBSD, starting with 2.7, has begun supporting some cryptography hardware such as accelerators and random number generators.

If people wish to help with writing drivers, come and help us.

International Cryptographers Wanted

Of course, our project needs people to work on these systems. If any non-American cryptographer who meets the constraints listed earlier is interested in helping out with embedded cryptography in OpenBSD, please contact us.

Further Reading

A number of papers have been written by OpenBSD team members, about cryptographic changes they have done in OpenBSD. The postscript versions of these documents are available as follows.

OpenBSD www@openbsd.org
$OpenBSD: crypto.html,v 1.74 2001/01/31 22:36:14 deraadt Exp $