BOSTON--(BUSINESS WIRE)--Whitewood Encryption Systems Inc.®, a developer of next-generation entropy systems, is pleased to introduce Entropy Management for OpenSSL, a free, downloadable agent to more easily configure entropy sources for OpenSSL and to track entropy consumption relative to its generation in the host environment.
OpenSSL is estimated to be used by two-thirds of all webservers and is therefore one of the most widely deployed cryptographic libraries in the world. It entered the consciousness of all IT professionals as a result of the Heartbleed vulnerability in 2014. Although originally conceived to give application developers a pre-built implementation of the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, OpenSSL has become the mainstay of a much wider set of applications, where it is used to encrypt data, digitally sign messages and documents, and identify people, systems and devices across corporate IT systems and the Internet. As a result, OpenSSL is one of the biggest consumers of random data in the corporate datacenter, rendering it vulnerable if not provided with enough high-quality entropy to support its requirements.
Notwithstanding its popularity, the OpenSSL open-source library lacks many of the management capabilities that are normally associated with commercial security tools. The challenge of managing entropy in OpenSSL is particularly clear given the almost infinite combination of operating systems and hardware platforms that it supports. This raises important questions about security in real-world settings, particularly those that suffer from few physical sources of entropy or where numerous applications compete for the same limited supply of random data.
The Whitewood Entropy Management for OpenSSL agent addresses this issue by enabling the user to configure OpenSSL deployments to select and combine specific sources of entropy, measure the consumption of entropy, and decide when and how to use a NIST-compliant PRNG (Pseudo-Random Number Generator) that is included in the package. The Whitewood agent requires no modification to the standard OpenSSL library and includes full support for Whitewood’s Entropy Engine, a quantum-powered random number generator that can be deployed locally or accessed over a network as a shared resource as well as other entropy sources such as the native CPU capability, RdRand.
“Entropy management is a universal challenge but is one that is misunderstood and frequently taken for granted. To highlight the issue, we focused our attention on the most ubiquitous crypto library of them all – OpenSSL. Our research exposed major issues that should be addressed in order to optimize security,” said Richard Moulds, Vice President of Business Strategy and Development at Whitewood. “The Whitewood Entropy Management for OpenSSL agent provides an easy method for users to explore the issue. It also provides a convenient integration point for Whitewood’s other entropy management products that include a centralized entropy service platform to deliver high-quality entropy to distributed OpenSSL instances where local entropy sources are inadequate or inconsistent.”
Entropy Management for OpenSSL will be demonstrated at the Whitewood booth (#967) at the Black Hat 2015 Conference in Las Vegas, Aug. 1-6 and is available for immediate free download at https://github.com/WhitewoodCrypto/WES-entropy-client.
Further details of the Black Hat research paper, “Understanding and Managing Entropy Usage” that includes a specific series of tests focused on OpenSSL and that was sponsored by Whitewood, can be found at www.whitewoodencryption.com.
About Whitewood Encryption Systems, Inc.
Whitewood® is addressing one of the most fundamental challenges associated with all modern cryptosystems – entropy management. Whitewood’s products exploit quantum mechanics to meet demand for high-quality entropy used for random data and key generation at scale. Building upon a base of quantum cryptography capabilities developed over the course of the past two decades at Los Alamos National Laboratory, Whitewood addresses operational vulnerabilities in any application that employs encryption, certificates and keys in clouds, devices and browsers. Whitewood is part of Allied Minds Federal Innovations, the division of Allied Minds dedicated to commercializing U.S. federal intellectual property. More information on Whitewood can be found at www.whitewoodencryption.com.
About Allied Minds
Allied Minds is an innovative U.S. science and technology development and commercialization company. Operating since 2006, Allied Minds forms, funds, manages and builds products and businesses based on innovative technologies developed at leading U.S. universities and federal research institutions. Allied Minds serves as a diversified holding company that supports its businesses and product development with capital, central management and shared services. More information about the Boston-based company can be found at www.alliedminds.com.
Allied Minds Forward-Looking Statement
This press release contains statements that are or may be forward-looking statements, including statements that relate to the company’s future prospects, developments and strategies. The forward-looking statements are based on current expectations and are subject to known and unknown risks and uncertainties that could cause actual results, performance and achievements to differ materially from current expectations, including, but not limited to, those risk and uncertainties described in the risk factors included in the company’s regulatory filings. These forward-looking statements are based on assumptions regarding the present and future business strategies of the company and the environment in which it will operate in the future. Each forward-looking statement speaks only as at the date of this press release. Except as required by law, regulatory requirement, the Listing Rules and the Disclosure and Transparency Rules, neither the company nor any other party intends to update or revise these forward-looking statements, whether as a result of new information, future events or otherwise.