OpenBSD security features: Difference between revisions

{{Short description|Security features as used in OpenBSD operating system}}

{{Use mdy dates|date=June 2016}}

 

The [[OpenBSD]] [[operating system]] focuses on [[computer security|security]] and the development of security features.{{r|Korff-Hope-and-Potter-2005}}{{r|Lucas-2013|p=xxvii}}{{r|Palmer-and-Nazario-2004}} According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."{{r|Lucas-2013|p=xxix}}

 

===Signify===

The OpenBSD project had invented their own utility for cryptographic signing and verification of files, <code>signify</code>,<ref name="BSDCan 2015 signify paper">{{cite web |last1=Unangst |first1=Ted |title=signify: Securing OpenBSD From Us To You |url=https://www.openbsd.org/papers/bsdcan-signify.html |website=www.openbsd.org |publisher=BSDCan 2015 (June), Ottawa, Canada |access-date=12 July 2022 |ref=bsdcan-signify}}</ref> instead of using existing standards and software such as [[OpenPGP]] and [[GNU Privacy Guard|GnuPG]]. The creator of the <code>signify</code> utility, Ted Unangst, wrote in 2015, speaking of [[OpenPGP]] and [[GNU Privacy Guard|GnuPG]]: ''"The concerns I had using an existing tool were complexity, quality, and complexity."''<ref name="BSDCan 2015 signify paper" /> This is in line with the project's longtime tendency to reduce complexity, and [[Vulnerability (computing)#Causes|in turn, reduce the probability of vulnerabilities]] existing in the software, and help the user understand the software better and make more security-educated decisions. <code>signify</code> is integrated into the base operating system and used for verification of all releases, patches, and packages starting with OpenBSD 5.5.<ref>{{cite web |title=OpenBSD 5.5 |url=https://www.openbsd.org/55.html |website=www.openbsd.org |access-date=12 July 2022}}</ref><ref>{{cite web |title=OpenBSD: Innovations |url=https://www.openbsd.org/innovations.html |website=www.openbsd.org |ref=innovations}}</ref> In contrast, other [[Free Software]] operating systems and security-focused software tend to use [[OpenPGP]] for release verification, and as of 2022 continue to do so, including: [[Debian]], a prominent operating system that's also used as a base for other operating systems, including [[Ubuntu]];<ref>{{cite web |title=Verifying authenticity of Debian images |url=https://www.debian.org/CD/verify |website=www.debian.org |access-date=12 July 2022}}</ref> [[Kali Linux]], a specialized operating system for [[penetration testing]], security research, [[digital forensics]], and [[Reverse engineering#Software|reverse engineering]];<ref>{{cite web |title=Download Kali Linux Images Securely {{!}} Kali Linux Documentation |url=https://www.kali.org/docs/introduction/download-images-securely/ |website=Kali Linux |access-date=12 July 2022 |language=English}}</ref> [[Qubes OS]], a security-focused operating system;<ref>{{cite web |title=Verifying signatures |url=https://www.qubes-os.org/security/verifying-signatures/ |website=Qubes OS |access-date=12 July 2022 |language=en}}</ref> [[Tor Browser]], an anonymous Web browser;<ref>{{cite web |title=How can I verify Tor Browser's signature? {{!}} Tor Project {{!}} Support |url=https://support.torproject.org/tbb/how-to-verify-signature/ |website=support.torproject.org |access-date=12 July 2022}}</ref> [[SecureDrop]], a software package for journalists and whistleblowers to exchange information securely and anonymously over the Internet;<ref>{{cite web |title=Share and accept documents securely |url=https://securedrop.org/ |website=SecureDrop |publisher=Freedom of the Press Foundation |access-date=12 July 2022 |language=en}}</ref> and [[VeraCrypt]], a software program for [[on-the-fly encryption]] and [[full disk encryption]].<ref>{{cite web |title=VeraCrypt - Free Open source disk encryption with strong security for the Paranoid |url=https://veracrypt.fr/en/Digital%20Signatures.html |website=veracrypt.fr |publisher=IDRIX |access-date=12 July 2022}}</ref>