Fear not, faithful privacy warriors, your secret’s safe with OpenSSL.
Due to an accidental bug in the programming, OpenSSL does not rely on Dual EC DRBG, the same flawed random number generator that the NSA and its intelligence counterparts had already cracked for a good ten years running now. Yesterday Steve Marquess of the OpenSSL Software Foundation wrote a mailing list post that put many security researchers’ woes to rest.
“The nature of the bug shows that no one has been using the OpenSSL Dual EC DRBG.”
After facing increasing levels of controversy over the past several months, the Dual EC DRBG standard was finally outed as a flawed architecture earlier this year by security contractor and international whistleblower Edward Snowden, affirming the suspicions that many netsec experts had been raising quietly but were too apprehensive to take public until now.
Some scientists have reason to believe the security standard was doomed from the start, given the number of backdoors and hidden holes that have come to light since the code was put through the wringer in the wake of the Snowden revelations. As of now there are no plans to fix the bug that secures the SSL protocol, and many assume that a fix will not be pursued by anyone except those who are out to do harm to your mobile data or home computer.
To learn how to properly configure OpenSSL on your devices, follow our helpful tutorial step-by-step!