Abstract

Cryptographic mechanisms are an important security component of an operating system in securing the system itself and its communication paths. Indeed, in many situations, cryptography is the only tool that can solve a particular problem, e.g., network-level security. While cryptography by itself does not guarantee security, when applied correctly, it can significantly improve overall security. Since one of the main foci of the OpenBSD system is security, various cryptographic mechanisms are employed in a number of different roles.

This paper gives an overview of the cryptography employed in OpenBSD. We discuss the various components (IPsec, SSL libraries, stronger password encryption, Kerberos IV, random number generators, etc.), their role in system security, and their interactions with the rest of the system (and, where applicable, the network).