FreeBSD 4.1.1 Includes RSA
Eladio McCormick writes: "Yeah, I know point releases are not by themselves huge news, but FreeBSD 4.1.1-RELEASE represents a major event, in that the base distribution now includes RSA. Info on the release is online." We've had a number of submissions about this one -- good to see the patent come off, and encryption working its way into more things.
Didn't they say they would never do a 4.x.x release? (only a 4.x)..
UPS Sucks
Does everything have to further Gnu Linux? There are people like me who prefer FreeBSD for server applications. This is a great step to make more secure FreeBSD servers (and the next step will probably be the various Gnu Linux distributions including this). Only FreeBSD did it first.
UPS Sucks
This is the way a server needs to be secure when you install it. I hope that more Linux distros start doing this also. When will they start incorporating RSA in their distros?
Please use your mirrors. I know not all of them have updated, but there are a TON of mirrors (ftp..freebsd.org) and usually even there you have a number of ftp sites. Like, for instance, ftp5.freebsd.org has most of 4.1.1-RELEASE ready.
The REAL sam_at_caveman_dot_org is user ID 13833.
It's all good. The more cryptography gets into more computers, the more difficult it will become for governments to regulate it. Computers will become more secure, and crackers will become less of a black hat for government agencies. The Linux distros ought to follow suit. Before long, folks will be encrypting everything. THEN, the FBI will have to do real investigating, instead of trolling for leads with Carnivore. It means more freedom.
-- Rich
Free your mind and your Ass will follow -- George Clinton
I just downloaded red hat 7.0 and loaded it onto a test machine. I noticed on bootup that it loads some RSA stuff.
Just letting you know that if you absolutely want to go play with this (something I plan to do now that I saw it's already on my test box) and the mirrors you are getting BSD from are full, red hat has it, too.
Wheeeee
> But this does nothing to get Linux onto
> mainstream desktops.
Nor does it do anything to make lemons bigger or encourage owls to explode.
Perhaps that's because it isn't intending to do any of these things, and nobody is suggesting that it should?
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
I was following the discussion on -stable, and it looks like one of the developers said something on IRC about a 4.1.1, and later said "well, I guess I'm stuck now." or something along those lines.
-- Absinthe, absinthe@jlc.net
http://www.landofsunshine.net
This time next year, look at the number of products that appeared since the patent expired, and the ways they use it.
Where do you see the innovation happening?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Unless I missed something while looking through the sources, they've just added more tools/libraries (openssl, openssh, etc.), not modified the filesystem code in the kernel.
This message is provided under the terms outlined at http://www.bero.org/terms.html
Right, but it definitely adds to security and makes it easier to build a secure system.
If someone sniffs on your connection and you're using telnet, enjoy.
If someone sniffs on your connection and you're using ssh (basically == telnet+cryptography), not too much of a problem.
This message is provided under the terms outlined at http://www.bero.org/terms.html
RSA actually isn't very complex (relatively speaking, of course). It's been in any decent college-level discrete mathematics textbook for years. CS students are taught to do it in their heads (mind you, the human brain is a lot slower than a computer at this sort of thing, but the algorithm holds).
So no, it's no surprise that the BSD folks could get an implementation going. The Mozilla folks have had their OSS RSA out for a week already.
And, oh yeah, _everyone_ wanted RSA, even when you had to pay for a license. What we were mad about was RSA's abuse of the patent system (never mind the issues of software patents; they had freely published this themselves for so long that in any sane country it would be considered prior art; in fact they published it for so long that even by the US system it should have been considered as such).
----------
It might sound a bit silly, but this isn't actually such a bad idea. At least it would make for some killer marketing:
FreeBSD.
Encouraging owls to explode since the year 2000.
--
Pokéthulhu
Gotta catch you all!
I really think people are going over the top with encryption - we'll be encrypting water molecules as they enter our homes next!
/some/ people, but nearly no-one needs this (the government really doesn't CARE about most people at all). Certainly only idiots would encrypt their root filesystem.
I don't want to encrypt my entire HDD - data recovery is much harder, it's slower, until the encryption is done in hardware, it's unnecessarily complicated, something that is NOT a good idea in a filesystem, and offers no benefits over simply encrypting your sensitive data in an archive.
I guess there would be scope for an encrypted partition for
why isn't it on there already?
/usr/ports/security/rsaref
/etc/inetd.conf
on 4.0 and 4.1 just do this:
cd
make
[hit enter to agree]
make install
vi
[insert the lines]
sshd_enable="YES"
inetd_enable="NO"
sendmail_enable="NO"
portmap_enable="NO"
syslogd_flags="-s"
much more secure eh?
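An added example, not part of the comment above: a check that an rc.conf-style file carries the five settings that comment lists, using the effective (last) assignment for each. The function names and the sample file are constructed for illustration, and the file to audit is passed as an argument.

```shell
#!/bin/sh
# Added example: audit an rc.conf-style file for the five settings listed above.
# Function names and the sample file are constructed for illustration.
EXPECTED='sshd_enable=YES inetd_enable=NO sendmail_enable=NO portmap_enable=NO syslogd_flags=-s'

# effective_value FILE KEY: print the value of the last uncommented KEY= line.
# The file is read as shell assignments, so a later line overrides an earlier one.
effective_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                  # whole-line comment
        {
            line = $0; sub(/^[[:space:]]*/, "", line)
            if (index(line, key "=") != 1) next
            val = substr(line, length(key) + 2)
            sub(/[[:space:]]*#.*$/, "", val)       # trailing comment
            sub(/[[:space:]]+$/, "", val)
            gsub(/^"|"$/, "", val)                 # surrounding double quotes
            last = val; found = 1
        }
        END { if (found) print last }
    ' "$1"
}

# check_rc_conf FILE: report each expected setting; return the number of problems.
check_rc_conf() {
    failures=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok       $key=\"$got\""
            continue
        fi
        failures=$((failures + 1))
        if [ -z "$got" ]; then echo "missing  $key (want \"$want\")"
        else echo "differs  $key=\"$got\" (want \"$want\")"; fi
    done
    return "$failures"
}

# Constructed sample: portmap is never set and a later line re-enables inetd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sshd_enable="YES"
inetd_enable="NO"
sendmail_enable="NO"     # mail handled elsewhere
syslogd_flags="-s"
inetd_enable="YES"
EOF
check_rc_conf "$sample" || echo "$? setting(s) differ from the list above"
rm -f "$sample"
```
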
This isn't directly related to RSA, but it got me thinking: now that strong crypto isn't considered a 'munition' anymore, it'd really be a good time to start including the IPSEC hooks for FreeS/WAN in the stock Linux kernel. FreeS/WAN is a great package, and it enables really good VPNs to be done on a shoestring. Unfortunately, it requires a kernel patch. I'd like to see the relevant IPSEC hooks in the stock kernel now.
--
Tired of FB/Google censorship? Visit UNCENSORED!
What about safe, unsnoopable FTP sessions? I'd like that when I'm constantly logging into an FTP site to upload a webcam pic (ChillCAM refuses to stay connected for some reason, which ticks me off).
You've obviously never installed NT or 2000 Advanced server. Talk about useless stuff being installed and running.
My personal favorite is the qotd (Quote of the Day) server. VERY useful.
This is not something "new" for FreeBSD. For some time the base system has included RSA based encryption (for OpenSSH). What is new is that there is now only one distribution, not a USA version and an International version.
What occurred in the past was that the RSA code could come from two sources - a USA patented version, which required a licence for commercial use, and an international free version (which was also cleaner and faster). If you were a USA resident you were required to install the librsa port to obtain RSA based encryption.
Since the changes in the patent, there is now no need for the RSA Data Security library, and so the international library is used in all cases, and we no longer have to have two separate distributions, and all of the Makefile goop to handle having two slightly different libs for USA/non USA.
It also means that RSA can be used commercially without a licence.
Regards,
-Jeremy (reg@FreeBSD.org)
OpenBSD has sftp support now. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Makefile
it's an ftp-only release, no CDs will be burnt until November when 4.2 will be rolling our way.
There were a lot of people who wanted to ditch rsaref and use better rsa implementations, so this release grants them that ability, for the small price of a little bandwidth.
"Don't trolls get tired?"
a) Data recovery is always going to be tricky with a multitasking multiuser OS.
b) If you only encrypt your 'sensitive' data, then whoever you're hiding from knows what you think's important, leaving them with only a few hundred K to decrypt. However, if your whole hdd is encrypted, then they'll have to dig through multiple gigs of Metallica MP3s in order to find your plans for bombing the UN building.
Note: This post is not an endorsement of MP3 piracy. Piracy is bad, and will cause Lars Ulrich's children to starve. Do you really want to know that you killed children in order to save $15 on some music that your parents wouldn't want you listening to anyways? DON'T DO IT
my sig's at the bottom of the page.
However, I can certainly see the value of an encrypting filesystem. I'd save my mail on it, so that if someone was to open the case on my system and remove the drive, it doesn't do them any good. Everyone has some files they'd like to keep private. Unless you go for secured hardware, encryption is the only way to do this. Unless the program supports encryption natively, then an encrypting filesystem is the second best option.
I thought that windows _WAS_ random crap.
OpenBSD does include a lot of extra junk, but a default installation has Apache, etc turned off by default.
I do not deploy Linux. Ever.
Not only that, but Rivest did a "stealth release" of the paper - handing them out unannounced at the start of the meeting where he presented it.
One of the people in the audience then made a few hundred copies of his copy and anonymously snail-mailed them to potentially interested open-cryptography researchers all over the place.
The idea was to keep the US security agencies from putting this genie back in the bottle.
(Of course the US-only patent effectively kept open-source software authors in the US from using it, while the export rules kept the US commercial software authors in check. Smart move on the gov's part...)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Personally, I think it's a crime the way the Wu Tang Clan has been a victim of the US Government's conspiracy to suppress rap music by outlawing the works of RZA and others for export. They are making it illegal to listen to the Wu, and that's against the first amendment guaranteeing freedom of information which needless to say should be free to make its own (albeit informed) opinions.
Free music from Jack Merlot.