[tor-bugs] #22971 [Applications/Tor Browser]: The XPI signing mechanism needs to use different hash functions.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 19 08:23:21 UTC 2017
#22971: The XPI signing mechanism needs to use different hash functions.
--------------------------------------+--------------------------
Reporter: yawning | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by yawning):
Upstream bug has been around for years apparently:
https://bugzilla.mozilla.org/show_bug.cgi?id=1169532
Fun facts:
* The MD5 digest is ignored (sigh).
* The PKCS7 RSA signature *also* uses SHA1 (I should have checked this).
* Their plan apparently is to move to *also* include SHA256 digests and
transition to ECDSA.
I'm uncertain if we should treat this more severely. I'm not exactly
thrilled about "keeping the same old busted manifest format, adding yet
another M-D construct hash, and doing absolutely shit fuckall to mitigate
length extension attacks" as the upstream response.
At a minimum, I think we can do better by patching the XPI verification
code at least for our addons (like we do for the MAR signatures), but what
do I know.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22971#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list