UPDATE: We are now 81% funded! Keep spreading the word!
Matched donations by DuckDuckGo on Crowdrise here: https://www.crowdrise.com/o/en/campaign/ostif1/ostif
Ways to contribute for FREE: https://ostif.org/how-to-contribute-to-ostif-for-free/
Donate using a huge number of options here: https://ostif.org/donate
What are we working on?
OpenSSL powers everything. 70% of the top million websites use OpenSSL to provide encryption services to their visitors and to encrypt user information. It’s in thousands of apps, and the internet as we know it relies on OpenSSL to protect our information.
The NSA has tried to compromise OpenSSL before, by introducing weakened standards and bribing companies to use those weakened components.
OpenSSL is getting a major update with version 1.1.1, called TLS 1.3. It is a new set of security standards and cryptography for the next generation of encryption. There’s a lot of new code, new options, and new features.
We need to publicly review this code to make sure that it is as safe as possible. Specific areas that the NSA has attacked before (the Pseudorandom Number Generator or PRNG) are getting big updates and need to be independently verified.
We don’t want another compromised PRNG, Heartbleed, Logjam, FREAK, or CCS Injection problem to slip through the cracks. We need to ensure that OpenSSL is safe for all of us to use long into the future.
For more technical details on the scope of the audit, look here: https://ostif.org/the-openssl-1-1-1-audit-fundraising-has-begun/
These projects do not happen without your support. Tell your friends. Spread the word. Donate. We need to build a safer internet together.