[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.

Subject: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 18 Jul 2017 22:46:38 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 18 Jul 2017 18:46:47 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22971: The XPI signing mechanism needs to use different hash functions.
------------------------------------------+----------------------
     Reporter:  yawning                   |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 https://wiki.mozilla.org/Add-ons/Extension_Signing

 Signing 2 hashes of a manifest file containing 2 hashes each of every file
 in an archive, especially when "2 hashes" is MD5 and SHA1 is
 cryptographically unsound.

 See Joux, A., "Multicollisions in Iterated Hash Functions. Application to
 Cascaded Constructions".

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22971>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #20930 [Core Tor/Tor]: Use new systemd hardening options
Next by Author: Re: [tor-bugs] #22883 [Core Tor/Tor]: Bridge unavailable during differential consensus update
Previous by thread: Re: [tor-bugs] #22970 [Webpages/Website]: torprojects.org onion site is not loading
Next by thread: Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
Index(es):
- Author
- Thread