[tbb-dev] significant ESR60 updater changes

Tom Ritter tom at ritter.vg
Thu Apr 12 15:30:55 UTC 2018


On 12 April 2018 at 12:41, Georg Koppen <gk at torproject.org> wrote:
> Tom Ritter:
>> On 5 April 2018 at 09:39, Mark Smith <mcs at pearlcrescent.com> wrote:
>>> The reason Mozilla chose SHA384 over SHA512 is reduced
>>> vulnerability to length extension attacks.
>>
>> This decision was made without the crypto people at Mozilla being
>> involved. We considered it unnecessary and SHA512 would have been
>> fine; but whatever we're not going to change it again for vanity.
>
> Reading through the bug it seems crypto people were consulted, no?

Security people were consulted, but not cryptographers. :)

> Either way, I wonder what
> https://bugzilla.mozilla.org/show_bug.cgi?id=1105689#c52 implies
>
> ("Keep in mind that the implementation design that was created with the
> security team for this required that we use the system provided crypto
> instead of NSS if at all possible.")
>
> because three years ago I said at least that we are using NSS on all
> platforms. Looking at the changes for SHA-384, though, it seems they
> don't change the game for us or am I missing anything?

That is a bit confusing. I wonder if that comment refers to generating
the keys as opposed to validating the signatures. Either way I'm not
sure..

-tom

