Subject: Re: questions about netbsd
To: KroNiC~BSD <kronic_bsd@fastmail.fm>
From: David Maxwell <david@vex.net>
List: port-i386
Date: 02/09/2003 18:59:11
On Sun, Feb 09, 2003 at 02:45:49PM -0600, KroNiC~BSD wrote:
> >>>such as the blowfish password algorithm?
> OK, Thanks.....Now would it be possible to use another algorithm such as
> AES or Blowfish?
If you're still talking about password scrambling algorithms, then
you've missed the point a bit...
AES and Blowfish were designed with a particular set of criteria in
mind. The winning AES was chosen from a range of submissions designed to
meet specific goals.
One of the objectives is fast processing. However, traditionally in a
password hash, fast processing is a weakness, since it makes dictionary
attacks easier. Modern Unix systems use shadow password files (not
globally readable) as a defense in depth method - since users really
don't need access to the password hashes, but just plopping 'the latest
greatest crypto algorithm' into the password hash would be a mistake.
> I am still trying to find out what's different in regards to security in
> netbsd vrs. openbsd. Openbsd says they use encryption built into several
> areas of the operating system....anyone know exactly which areas and how
> if needed i can add this to the appropriate areas of netbsd?
You don't need to add it, it's already there. NetBSD was the first open
source OS with AES support, and except for the lack of hardware crypto
acceleration, I'm not aware of any cryptograpic advantage OpenBSD has
over NetBSD.
> Another question: Can i encrypt the swap space on netbsd?
Not by flipping a switch on your swapspace, but yes, by swapping to a
file on an encypted filesystem, for example.
What attack scenario are you concerned about, such that you want that
feature?
--
David Maxwell, david@vex.net|david@maxwell.net -->
(About an Amiga rendering landscapes) It's not thinking, it's being artistic!
- Jamie Woods