Wikipedia

OpenBSD security features: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Cryptography and randomization: Greatly expanded upon the swap encryption feature. OpenBSD remains the only prominent operating system to encrypt swap by default, and with no drawbacks.
Cryptography and randomization: Minor phrasing change.
Line 29:
In OpenBSD 5.3, support for [[full disk encryption]] was introduced,<ref>{{cite web|title=OpenBSD 5.3|url=http://www.openbsd.org/53.html|website=OpenBSD|access-date=May 26, 2016}}</ref> but enabling it during the installation of OpenBSD had required manual intervention from the user by exiting the installer and entering some commands. Starting from OpenBSD 7.3, the installer supports enabling full disk encryption using a guided procedure, not requiring manual intervention anymore.<ref>{{cite web |title=OpenBSD 7.3 |url=https://www.openbsd.org/73.html |website=www.openbsd.org |access-date=19 April 2023}}</ref><ref>{{cite web |title=Initial support for guided disk encryption in the installer |url=https://undeadly.org/cgi?action=article;sid=20230308063109 |website=undeadly.org |access-date=19 April 2023}}</ref>
 
To protect sensitive information such as [[password]]s from leaking on to disk, where they can persist for many years, OpenBSD supports encryption of swap space. The swap space is split up into many small regions that are each assigned their own encryption key, which is generated randomly and automatically with no input from the user, held entirely in memory, and never written to disk except when hibernating; as soon as the data in a region is no longer required, OpenBSD discards theits encryption key, effectively transforming the data in that region into useless garbage.<ref>{{cite conference |url=https://www.usenix.org/legacy/publications/library/proceedings/sec2000/provos.html |title=Encrypting Virtual Memory |last1=Provos |first1=Niels |author-link1=Niels Provos |date=August 14, 2000 |___location=Denver, Colorado |conference=9th [[USENIX]] Security Symposium |access-date=April 9, 2006 }}</ref> Toggling this feature can be done using a single ''sysctl'' configuration option, and doesn't require any prior setup, disk partitioning, or partition-related settings to be done/changed; furthermore, there is no choice of encryption parameters (such as the algorithm or key length to use), as strong parameters are always used. There is no harm and no loss of functionality with this feature, because the encryption keys used to access swapped processes are only lost when the computer crashes (e.g. power loss), after which all operating systems discard the previous contents of the memory and swap anyway, and because hibernation continues to work as usual with this feature. This feature is enabled by default in OpenBSD 3.8 (released in November 2005) and later; OpenBSD, as of 2022, remains the only prominent operating system to have swap encrypted by default independently of disk encryption and its user-provided password. (Windows requires{{citation needed}} toggling a configuration setting that is not presented in its user-facing ''Control Panel'' and ''Settings'' apps, and other operating systems, including macOS{{citation needed}}, FreeBSD<ref>{{cite web |title=Chapter 20. Storage — 20.14. Encrypting Swap |url=https://docs.freebsd.org/en/books/handbook/disks/#swap-encrypting |website=FreeBSD Documentation Portal |access-date=27 September 2023 |language=en}}</ref>, and every [[Linux kernel|Linux]]-based operating system{{citation needed}}, rely on the existing disk encryption features to encrypt the swap, which often (a) need to be enabled by the user manually, (b) require setup (if disk encryption wasn't chosen during the operating system's installation) which is not as trivial to do as toggling swap encryption on OpenBSD, and (c) use the user-provided password, which users need to remember and could be weak/guessable or even extracted out of the users.)
 
The [[network stack]] also makes heavy use of randomization to increase security and reduce the predictability of various values that may be of use to an attacker, including [[Transmission Control Protocol|TCP]] initial sequence numbers and timestamps, and ephemeral source ports.<ref>{{Cite web|url=http://www.securityfocus.com/columnists/361|title=OpenBSD's network stack|last=Biancuzzi|first=Federico|date=October 12, 2005|publisher=[[SecurityFocus]]|access-date=December 10, 2005}}</ref> A number of features to increase network resilience and availability, including countermeasures for problems with [[Internet Control Message Protocol|ICMP]] and software for redundancy, such as [[Common Address Redundancy Protocol|CARP]] and [[pfsync]], are also included. The project was the first to disable the plain-text [[telnet]] daemon in favor of the encrypted [[Secure shell|SSH]] daemon, in 1999,<ref>{{cite web |date=10 April 1999 |first1=Theo |last1=de Raadt |author-link1=Theo de Raadt |title=disable telnet/ftp/login by default, for now |url=http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/Attic/inetd.conf?rev=1.32&content-type=text/x-cvsweb-markup|work=OpenBSD}}</ref> and features other integrated cryptographic software such as [[IPsec]]. The telnet daemon was completely removed from OpenBSD in 2005<ref>{{cite web |url=http://marc.info/?l=openbsd-cvs&m=111700017509177&w=2 |quote=Removed files: libexec/telnetd |title=CVS: cvs.openbsd.org: src |first1=Theo |last1=de Raadt |author-link1= Theo de Raadt |website=OpenBSD-CVS mailing list |date=25 May 2005}}</ref> before the release of OpenBSD version 3.8.
Retrieved from "https://en.wikipedia.org/wiki/OpenBSD_security_features"