We would like to thank our sponsors Private Internet Access and DuckDuckGo for helping to fund this security review, as well as all of our donors and individual supporters. This crucial work doesn’t happen without support from the community. The quick and dirty: OpenSSL version 1.1.1 was evaluated with special foci on new TLS…
OSTIF is Partnering with the Internet Bug Bounty and HackerOne for Bug Bounties! The Open Source Technology Improvement Fund will be partnering with the Internet Bug Bounty and HackerOne in a partnership that will get our supported projects listed on HackerOne with no overhead costs! HackerOne is the de-facto site…
It has been a while since we have done a round of updates on what we are working on. We have a number of projects that are currently active and more starting up. Throughout 2019 we expect to finish more than twice as many total projects and to continue with…
Bulletproofs are a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs are a trustless proofs setup that are substantially smaller than the current Borromean style range proofs that were previously used, which reduces the size of Monero transactions by 80-90%. Monero’s latest network update,…
We have completed the security review of the new Pseudorandom Number Generator (PRNG) for OpenSSL1.1.1. This security review was sponsored by Private Internet Access, ExpressVPN, DuckDuckGo, OpenVPN, and the privacy community. Random number generation is a crucial component in all cryptography, because the “randomness” of numbers is the mechanism that makes secret numbers hard to guess. Problems…
Kudelski Security has done a review of Monero Bulletproofs, a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs is a trustless proofs setup that is substantially smaller than the current Borromean style range proofs that are currently used, promising to make Monero transactions 10-20%…
OSTIF is Registered and Verified on Benevity Benevity is a charity donation platform that allows employees at participating companies to directly donate to causes that they support. Hundreds of large companies use Benevity to help their employees with charitable giving. (Google, Apple, Microsoft, ADP, Prudential, Samsung, and many others) Our…
OSTIF CEO Derek Zimmer has left VikingVPN to join London Trust Media The founder of OSTIF has a new day job, working for London Trust Media as the Vice President of Marketing and Strategy. This offer was made after years of working together with Private Internet Access on the OSTIF…
OpenSSL and Monero Bulletproofs Audits are Underway! We have confirmed that QuarksLab has began the work of reviewing OpenSSL 1.1.1 (the current beta version that implements TLS 1.3, a huge cryptography update.) They are currently working on TLS 1.3 and the updated random number generator to search for biases or…
UPDATE: We are now 81% funded! Keep spreading the word! Matched donations by DuckDuckGo on Crowdrise here: https://www.crowdrise.com/o/en/campaign/ostif1/ostif Ways to contribute for FREE: https://ostif.org/how-to-contribute-to-ostif-for-free/ Donate using a huge number of options here: https://ostif.org/donate What are we working on? OpenSSL powers everything. 70% of the top million websites use OpenSSL to provide encryption…