[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.



#22971: The XPI signing mechanism needs to use different hash functions.
--------------------------------------+--------------------------
 Reporter:  yawning                   |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by isis):

 Replying to [comment:2 yawning]:
 > This is probably more an upstream issue since the practical result is
 "Extension Signing is worthless vs adversaries that can produce SHA1
 collisions".

 Ugh. And yeah, this seems to be an upstream issue, we should see if
 they've already got a fix they're working on.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22971#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs