[tor-bugs] #20209 [Applications/Tor Browser]: Torbrowser 6.5a3 packages now signed with sha1, not sha512

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 21 20:03:39 UTC 2016


#20209: Torbrowser 6.5a3 packages now signed with sha1, not sha512
------------------------------------------+----------------------
     Reporter:  arma                      |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 {{{
 $ gpg -v torbrowser-install-6.0.5_en-US.exe.asc
 gpg: assuming signed data in `torbrowser-install-6.0.5_en-US.exe'
 gpg: Signature made Fri 16 Sep 2016 07:53:01 AM EDT
 gpg:                using RSA key 2E1AC68ED40814E0
 gpg: using subkey 2E1AC68ED40814E0 instead of primary key 4E2C6E8793298290
 gpg: using PGP trust model
 gpg: Good signature from "Tor Browser Developers (signing key)
 <torbrowser at torproject.org>"
 gpg: binary signature, digest algorithm SHA512
 }}}

 compared to

 {{{
 $ gpg -v torbrowser-install-6.5a3_en-US.exe.asc
 gpg: armor header: Version: GnuPG v1
 gpg: assuming signed data in `torbrowser-install-6.5a3_en-US.exe'
 gpg: Signature made Tue 20 Sep 2016 11:10:10 AM EDT
 gpg:                using RSA key D1483FA6C3C07136
 gpg: using subkey D1483FA6C3C07136 instead of primary key 4E2C6E8793298290
 gpg: using PGP trust model
 gpg: Good signature from "Tor Browser Developers (signing key)
 <torbrowser at torproject.org>"
 gpg: binary signature, digest algorithm SHA1
 }}}

 What made us switch to SHA1 for the latest alpha build? Is this some bug
 in our release process?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20209>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list