[tbb-dev] significant ESR60 updater changes
tom at ritter.vg
Thu Apr 5 15:10:21 UTC 2018
On 5 April 2018 at 09:39, Mark Smith <mcs at pearlcrescent.com> wrote:
> The reason Mozilla chose SHA384 over SHA512 is reduced
> vulnerability to length extension attacks.
This decision was made without the crypto people at Mozilla being
involved. We considered it unnecessary and SHA512 would have been
fine; but whatever we're not going to change it again for vanity.
> 4. "Remove hashFunction and hashValue attributes"
> Mozilla removed support for a hash check of the MAR files that has
> historically been implemented by including hash values in the update
> manifest (XML) file that is returned by the update server. Mozilla
> relies on MAR signatures to verify the integrity of the Firefox MAR
> files, but in the past we have talked about the value in requiring that
> two things need to be compromised: the update server as well as a MAR
> signing key. For that reason, Kathy and I believe we should back out
> these changes and continue to have our update server return hash values.
More information about the tbb-dev