[tbb-dev] Tor Browser uplift tracker
tom at ritter.vg
Tue Jan 30 16:29:16 UTC 2018
On 30 January 2018 at 10:16, Mark Smith <mcs at pearlcrescent.com> wrote:
>> 11) #13379: probably "no uplift" (for now at least). At any rate we'd
>> need to investigate first what we still need to carry over to ESR 60
>> here, given that https://bugzilla.mozilla.org/show_bug.cgi?id=1105689
>> got fixed.
> Agreed on "no uplift" but note that in 1105689 Mozilla went with SHA384
> instead of SHA512 (it seems there are security reasons for that choice).
> We could switch to SHA384 but we will need to think through the
> migration issues.
There is no real security benefit to 384 over 512; the folks who
picked 384 figured "Well maybe length-extension-resistance is
valuable" - but it's not.
More information about the tbb-dev