Forgot your password?
typodupeerror
Encryption Operating Systems BSD

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto 232

Posted by Soulskill
from the those-signatures-will-be-worth-a-lot-of-money-some-day dept.
ConstantineM writes "It's official: 'we are moving towards signed packages,' says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co., and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."
This discussion has been archived. No new comments can be posted.

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

Comments Filter:
  • What does openBSD have to do with tattooing your Johnson?

  • by danpbrowning (149453) on Sunday January 19, 2014 @01:28AM (#46003275)

    Many members are up in arms over the large new utility: "Programmers these days with their fancy new computers and their gigantic 'five and a quarter' new-age magnetic spinning discs are constantly looking down on us 'old-fashioned' punch-card programmers. Why can't they write a new utility that supports six rows of 8-bit EBCDIC? Laziness. This just proves that OpenBSD don't care about small, home-built systems. Sixty four bytes is big enough for anybody."

  • by johnwbyrd (251699) on Sunday January 19, 2014 @01:30AM (#46003283) Homepage

    Okay, so what are you going to do about that paranoia? Use OpenBSD? That's too bad, because the NSA has already inserted cryptospy code into the distribution without Theo's knowledge. Oh, so you'll just compile it yourself from the sources, and read and review them all yourself? Too bad because your compiler has code in it that secretly inserts itself when it detects compilation of the OpenBSD kernel. Oh, but you're going to review all the compiler source code yourself and do a Canadian cross to build a clean compiler which you will then use to build a clean OpenBSD kernel from source? Too bad, because Bernstein has been paid gold in a secret numbered bank account in Thailand to insert a bug that will only manifest when it checks the installation of a new kernel on your machine.

    Eventually, you have to put your tinfoil hat away and figure out how to get some work done on that there computer. Paranoia has a useful limit.

Numeric stability is probably not all that important when you're guessing.

Working...