Check out the new USENIX Web site. next up previous
Next: Acknowledgments Up: Cryptography in OpenBSD: An Previous: Bcrypt


  In this paper, we gave an overview of the cryptography used in OpenBSD. We presented the supported network security mechanisms, with particular emphasis on IP security. We then discussed the various uses of randomness throughout the system. Finally, we briefly covered our plans for future work in the area of secure storage.

A lot of work remains to be done. In the short term, we need to complete the remaining parts of those mechanisms still under development, keeping in mind of course that security (and standards) is a moving target, and constant maintenance and updating will be needed. Beyond that, integration with existing and new utilities is a major item in our agenda. Finally, we are considering new mechanisms that address different problems, e.g., untrusted-code containment.

It is important to note that all the mechanisms described in this paper are currently in use, solving real problems. We hope that this paper will encourage others to add these or similar mechanisms in their systems.

& D. Keromytis