[tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 18 23:53:25 UTC 2017
#22971: The XPI signing mechanism needs to use different hash functions.
--------------------------------------+--------------------------
Reporter: yawning | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by isis):
Replying to [comment:2 yawning]:
> This is probably more an upstream issue since the practical result is
"Extension Signing is worthless vs adversaries that can produce SHA1
collisions".
Ugh. And yeah, this seems to be an upstream issue, we should see if
they've already got a fix they're working on.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22971#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list