[tor-bugs] #9930 [Website]: SHA-1 is weak: Use better hash to generate signatures
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 17 13:58:27 UTC 2014
#9930: SHA-1 is weak: Use better hash to generate signatures
-------------------------+-----------------
Reporter: mkral | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------+-----------------
Comment (by mkral):
Replying to [comment:4 gk]:
> Replying to [comment:3 gk]:
> > This will be fixed by #13407. We intend to use the new key from the
next release on.
>
> To make that clear: I am speaking here about Tor Browser which the bug
seems to be about and not the tor releases.
For example verification of
https://www.torproject.org/dist/tor-0.2.5.10.tar.gz ,
https://www.torproject.org/dist/tor-0.2.5.10.tar.gz.asc
using RSA key 0x910397D88D29319A
{{{
gpg --verbose --verify tor-0.2.5.10.tar.gz.asc
gpg: binary signature, digest algorithm SHA1
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9930#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list