USENIX Technical Program - Abstract - USENIX 99
Cryptography in OpenBSD: An Overview
Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, and
Niels Provos, The OpenBSD Project
Cryptographic mechanisms are an important security component of an
operating system in securing the system itself and its communication
paths. Indeed, in many situations, cryptography is the only tool that
can solve a particular problem, e.g., network-level security.
While cryptography by itself does not guarantee security, when applied
correctly, it can significantly improve overall security. Since one of
the main foci of the OpenBSD system is security, various cryptographic
mechanisms are employed in a number of different roles.
This paper gives an overview of the cryptography employed in OpenBSD.
We discuss the various components (IPsec, SSL libraries, stronger
password encryption, Kerberos IV, random number generators,
etc.), their role in system security, and their interactions with the
rest of the system (and, where applicable, the network).
- View the full text of this paper in
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.