| OpenSSL's use of uninitialized memory to seed entropy was always a terrible idea. The PRNG was fundamentally flawed to begin with. > Really, it kind of proved the opposite. Not really. Exploited bugs in cryptographic protocols are extremely rare. Exploited memory safety bugs are extremely common. > Valgrind and other tools can tell you about memory safety bugs. Not really. > Understanding that the fix would result in a crypto bug was harder. Like I said, OpenSSL's PRNG was brutally flawed already and could have been broken on a ton of machines already without anyone knowing it. A compiler update, an OS update, or just unluckiness could have just as easily broken the PRNG. Building memory unsafety into the prng was the issue. Memory safety issues are exploited orders of magnitude more often than crypto bugs. edit: Also, memory safety bugs typically have higher impact than crypto bugs. An attacker who can read arbitrary memory of a service doesn't need a crypto bug, they can just extract the private key, or take over the system. Crypto bugs are bad. Memory safety bugs are way, way worse. |