[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #2340 [Tor Browser]: GPG signatures do not authenticate filenames
#2340: GPG signatures do not authenticate filenames
-----------------------------+--------------------------
Reporter: rransom | Owner: rransom
Type: defect | Status: assigned
Priority: critical | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: needs-triage
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by cypherpunks):
In fact, SHA-256 hash of file must only be used to provide integrity
against accidential errors, not malicially crafted.
You must NEVER use it as a protection measure. You must use a secure
MAC/signature instead. So, I think that the author of this ticket must
learn crypto a little.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2340#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs