OpenSSL Valhalla Rampage

A (Tumblr!) blog documenting the OpenBSD team’s recently initiated remodeling of OpenSSL. I hate to be too hard on the OpenSSL developers, since they’ve already gotten more than enough flak these past couple of weeks, but some of the code that’s being chucked out is just horrifying – for example, private key material may sometimes be used as a PRNG entropy source. I know keys look random, but come on.