The OSTIF and Quarkslab Audit of OpenSSL is Complete

We would like to thank our sponsors Private Internet Access and DuckDuckGo for helping to fund this security review, as well as all of our  donors and individual supporters. This crucial work doesn’t happen without support from the community. The quick and dirty: OpenSSL version 1.1.1 was evaluated with special foci on new TLS…

Continue Reading The OSTIF and Quarkslab Audit of OpenSSL is Complete
The OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete – Critical Bug Patched
Monero cryptocurrency security theme with businessman on blurred blue light background

The OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete – Critical Bug Patched

Bulletproofs are a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs are a trustless proofs setup that are substantially smaller than the current Borromean style range proofs that were previously used, which reduces the size of Monero transactions by 80-90%. Monero’s latest network update,…

Continue Reading The OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete – Critical Bug Patched

The QuarksLab and Kudelski Security audits of Monero Bulletproofs are Complete

Kudelski Security has done a review of Monero Bulletproofs, a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs is a trustless proofs setup that is substantially smaller than the current Borromean style range proofs that are currently used, promising to make Monero transactions 10-20%…

Continue Reading The QuarksLab and Kudelski Security audits of Monero Bulletproofs are Complete
OpenSSL 1.1.1 Fundraiser – 2nd Round of Funding
Woman using tablet pc, pressing on virtual screen and selecting open source.

OpenSSL 1.1.1 Fundraiser – 2nd Round of Funding

Double Your Donations With CrowdRise Today, we begin our second round of funding in partnership with DuckDuckGo, who will be matching Crowdrise donations for the next four weeks! You can view the Crowdrise campaign and donate here to have your donation matched (doubled): https://www.crowdrise.com/o/en/campaign/ostif1/ OpenSSL 1.1.1 Project Changes We have…

Continue Reading OpenSSL 1.1.1 Fundraiser – 2nd Round of Funding

The OpenVPN 2.4.0 Audit by OSTIF and QuarksLab Results

OpenVPN 2.4.0, the NDIS6 TAP Driver for Windows, the Windows GUI, and Linux versions were evaluated. This release included a number of new features including control channel encryption. QuarksLab found: 1 Critical/High Vulnerability CVE-2017-7478 1 Medium Vulnerability CVE-2017-7479 5 Low or Informational Vulnerabilities / Concerns This public disclosure of these vulnerabilities coincides with the release of OpenVPN 2.4.2 which fixes…

Continue Reading The OpenVPN 2.4.0 Audit by OSTIF and QuarksLab Results

The VeraCrypt Audit Results

VeraCrypt 1.18 and its bootloaders were evaluated. This release included a number of new features including non-western developed encryption options, a boot loader that supports UEFI (modern BIOSes), and more. QuarksLab found: 8 Critical Vulnerabilities 3 Medium Vulnerabilities 15 Low or Informational Vulnerabilities / Concerns This public disclosure of these vulnerabilities coincides with the release of VeraCrypt 1.19…

Continue Reading The VeraCrypt Audit Results

OSTIF + QuarksLab Audit of VeraCrypt Completed – Phase II Begins

OSTIF + QuarksLab Audit of VeraCrypt Completed - Phase II Begins The audit of VeraCrypt has been completed, and the final report is being created over the coming days. The VeraCrypt developers have the preliminary results and we are working with both VeraCrypt and QuarksLab on the timetable for releasing…

Continue Reading OSTIF + QuarksLab Audit of VeraCrypt Completed – Phase II Begins

OSTIF Has Reached Out to Quarkslab for Auditing Services

  • Post category:QuarksLab

We are currently in talks with Quarkslab about possible contracts for getting our supported apps audited. We have selected Quarkslab as a candidate for multiple reasons. They have a strong team of professional staff that works heavily in the areas of software security auditing and cryptography. They have done public…

Continue Reading OSTIF Has Reached Out to Quarkslab for Auditing Services