OpenBSD security features: Difference between revisions

To protect sensitive information such as [[password]]s from leaking onto disk, where it can persist for many years, OpenBSD supports encryption of the swap partition. The swap space is split into many small regions, each assigned its own encryption key: as soon as the data in a region is no longer required, OpenBSD securely deletes it by discarding that region's key, so the ciphertext left on disk can no longer be decrypted.<ref>{{cite conference |url=https://www.usenix.org/legacy/publications/library/proceedings/sec2000/provos.html |title=Encrypting Virtual Memory |last1=Provos |first1=Niels |author-link1=Niels Provos |date=August 14, 2000 |___location=Denver, Colorado |conference=9th [[USENIX]] Security Symposium |accessdate=April 9, 2006 }}</ref> This feature is enabled by default in OpenBSD 3.9 and later.
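The following is an added illustration of the per-region key scheme described above; it is not OpenBSD's kernel code. It models a swap area as fixed-size pages grouped into regions, generates a key per region only when the region is first written, encrypts pages before they reach the simulated backing store, and destroys the region key once its last page is freed. The cipher is a constructed stream cipher (HMAC-SHA256 in counter mode) used only so the example runs on the Python standard library; the page sizes, region size and sample password are constructed values, and the construction says nothing about which cipher OpenBSD actually uses.

```python
"""Toy model of encrypted swap with per-region keys and key discarding.

Added example, not OpenBSD code. Constructed parameters: 64-byte pages,
4 pages per region, a made-up password as the sensitive page content.
"""
import hashlib
import hmac
import os

PAGE_SIZE = 64          # toy page size; real pages are 4 KiB or larger
PAGES_PER_REGION = 4    # pages that share one region key


def keystream(key: bytes, page_idx: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a distinct stream per (key, page).

    Illustrative construction only, chosen to avoid third-party modules.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = page_idx.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedSwap:
    def __init__(self, n_pages: int) -> None:
        self.disk = [bytes(PAGE_SIZE)] * n_pages  # the only state that persists
        self.keys: dict[int, bytes] = {}           # region -> key, RAM only
        self.live: set[int] = set()                # pages currently swapped out

    @staticmethod
    def _region(page: int) -> int:
        return page // PAGES_PER_REGION

    def swap_out(self, page: int, plaintext: bytes) -> None:
        """Encrypt a page under its region key and write it to 'disk'."""
        if len(plaintext) != PAGE_SIZE:
            raise ValueError("page must be exactly PAGE_SIZE bytes")
        r = self._region(page)
        if r not in self.keys:
            self.keys[r] = os.urandom(32)  # key is created lazily, never stored on disk
        self.disk[page] = xor(plaintext, keystream(self.keys[r], page, PAGE_SIZE))
        self.live.add(page)

    def swap_in(self, page: int) -> bytes:
        """Decrypt a page; fails if the region key has already been discarded."""
        r = self._region(page)
        if r not in self.keys:
            raise KeyError("region key discarded; ciphertext is unrecoverable")
        return xor(self.disk[page], keystream(self.keys[r], page, PAGE_SIZE))

    def free_page(self, page: int) -> None:
        """Release a page; when a region has no live pages left, drop its key.

        Nothing on 'disk' is overwritten: discarding the key is what makes
        the leftover ciphertext useless.
        """
        self.live.discard(page)
        r = self._region(page)
        if not any(self._region(p) == r for p in self.live):
            self.keys.pop(r, None)


def demo() -> tuple[bool, bool, bool]:
    """Returns (round_trip_ok, recoverable_after_free, plaintext_visible_on_disk)."""
    swap = EncryptedSwap(n_pages=8)
    secret = b"hunter2 password".ljust(PAGE_SIZE, b"\0")  # constructed sample
    swap.swap_out(0, secret)
    round_trip_ok = swap.swap_in(0) == secret
    swap.free_page(0)
    try:
        swap.swap_in(0)
        recoverable = True
    except KeyError:
        recoverable = False
    plaintext_visible = b"hunter2" in swap.disk[0]
    return round_trip_ok, recoverable, plaintext_visible


if __name__ == "__main__":
    print(demo())
```

On a real OpenBSD host the corresponding check is `sysctl vm.swapencrypt.enable`, which reports `1` when swap encryption is on. In the model, a later write to the same region generates a fresh key, so old ciphertext left on disk cannot be decrypted even by the system that wrote it.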
 
The [[network stack]] also makes heavy use of randomization to increase security and reduce the predictability of various values that may be of use to an attacker, including [[Transmission Control Protocol|TCP]] initial sequence numbers and timestamps, and ephemeral source ports.<ref>{{Cite web|url=http://www.securityfocus.com/columnists/361|title=OpenBSD's network stack|last=Biancuzzi|first=Federico|date=October 12, 2005|publisher=[[SecurityFocus]]|access-date=December 10, 2005}}</ref> A number of features to increase network resilience and availability, including countermeasures for problems with [[Internet Control Message Protocol|ICMP]] and software for redundancy, such as [[Common Address Redundancy Protocol|CARP]] and [[pfsync]], are also included. The project was the first to disable the plain-text [[telnet]] daemon in favor of the encrypted [[Secure shell|SSH]] daemon, in 1999,<ref>{{cite web |date=10 April 1999 |first1=Theo |last1=de Raadt |author-link1=Theo de Raadt |title=disable telnet/ftp/login by default, for now |url=http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/Attic/inetd.conf?rev=1.32&content-type=text/x-cvsweb-markup|work=OpenBSD}}</ref> and includes other integrated cryptographic software such as [[IPsec]]. The telnet daemon was completely removed from OpenBSD in 2005,<ref>{{cite web |url=http://marc.info/?l=openbsd-cvs&m=111700017509177&w=2 |quote=Removed files: libexec/telnetd |title=CVS: cvs.openbsd.org: src |first1=Theo |last1=de Raadt |author-link1= Theo de Raadt |website=OpenBSD-CVS mailing list |date=25 May 2005}}</ref> before the release of OpenBSD version 3.8.
 
== X11 ==