Date: Sun, 1 Mar 1998 19:10:53 -0700 (MST) From: Atipa <freebsd@atipa.com> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: Andrew McNaughton <andrew@squiz.co.nz>, freebsd-security@FreeBSD.ORG Subject: Re: crypto tunnel - international Message-ID: <Pine.BSF.3.91.980301185925.19275A-100000@dot.ishiboo.com> In-Reply-To: <13614.888689218@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jordan, OpenBSD has photurisd and ipsec built-in. These utilities are designed to maintain encypted tunnels and pipes, with dynamically changing keys. They have a special device built into the kernel (enc0) for encrypted data transport. tun0 can be used, but enc0 is definitely preferrable. OpenBSD uses des, md5, sha1, and Blowfish (for password encryption). They also take great care to provide a very high-entropy pool for creating keys and such. Kevin On Sat, 28 Feb 1998, Jordan K. Hubbard wrote: > > Some of our customers faced this problem as well, and the simplest thing > > to use was OpenBSD. Since OpenBSD has cryptography built in to the OS, it > > is very easy to set up secure tunneling. > > Can you explain *precisely* what you mean by "cryptography built in to > the OS?" > > > OpenBSD is a product of Canada, so they can use full-strength > > cryptography. Once it is installed in the US, it is non-exportable, but > > the international sites can download directly from Canada :) > > And we've been exporting said crypto from ftp.freebsd.org as well, > which is in a region of the U.S. which falls under Judge Patel's decision. > I really don't see what OpenBSD can export which we cannot and it would > be really nifty if you could give us details on what is missing from > FreeBSD. > > Jordan > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.980301185925.19275A-100000>