Closed
Bug 722199
Opened 12 years ago
Closed 8 years ago
MD5 is used as the hash algorithm to check manifests (nsManifestCheck::Begin())
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: briansmith, Unassigned)
Details
MD5 should basically not be used for anything now. Either SHA1 or stronger should be used, if a secure hash algorithm is needed, or something faster should be used, if security is not an issue.
Updated•12 years ago
|
Summary: MD5 is used as the hah algorithm to check manifests (nsManifestCheck::Begin()) → MD5 is used as the hash algorithm to check manifests (nsManifestCheck::Begin())
Comment 1•12 years ago
|
||
Speed is the preference here. There is no need for a secure check sum. Probably just a CRC would be OK. We only need to detect a 1 bit change.
Here is my case: I'm trying to create a CSR (Certificate Signing Request) in a website using Firefox. When Firefox creates the pair of keys, it signs the CSR using MD5WithRSAEncryption. Due to FIPS compliance, the Certification Authority does not accept md5WithRSAEncryption. The CSR must be signed with at least sha1WithRSAEncryption. Mozilla published in 2010 (https://wiki.mozilla.org/CA:MD5and1024) that they will not continue using MD5 for signatures. Currently, it's still being use. Additionally I have disabled MD5 (base on the information of other bugs) using about:config modifying and including the following configurations: security.enable_md5_signatures = false security.ssl3.rsa_rc4_128_md5 = false Yet, the results still the same. Firefox signs CSR using MD5.
Comment 3•11 years ago
|
||
naldiello@gmail.com: are you sure you are at the right bug?
Reporter | ||
Comment 4•11 years ago
|
||
(In reply to Honza Bambas (:mayhemer) from comment #3) > naldiello@gmail.com: are you sure you are at the right bug? This is not the right bug for that. See bug 549460 instead.
Comment 5•8 years ago
|
||
wontfix non critical app cache bugs. its going away
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•