[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.



#22971: The XPI signing mechanism needs to use different hash functions.
--------------------------------------+--------------------------
 Reporter:  yawning                   |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by yawning):

 Upstream bug has been around for years apparently:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1169532

 Fun facts:

  * The MD5 digest is ignored (sigh).
  * The PKCS7 RSA signature *also* uses SHA1 (I should have checked this).
  * Their plan apparently is to move to *also* include SHA256 digests and
 transition to ECDSA.

 I'm uncertain if we should treat this more severely.  I'm not exactly
 thrilled about "keeping the same old busted manifest format, adding yet
 another M-D construct hash, and doing absolutely shit fuckall to mitigate
 length extension attacks" as the upstream response.

 At a minimum, I think we can do better by patching the XPI verification
 code at least for our addons (like we do for the MAR signatures), but what
 do I know.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22971#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs