On 5 April 2018 at 09:39, Mark Smith mcs@pearlcrescent.com wrote:
The reason Mozilla chose SHA384 over SHA512 is reduced vulnerability to length extension attacks.
This decision was made without the crypto people at Mozilla being involved. We considered it unnecessary and SHA512 would have been fine; but whatever, we're not going to change it again for vanity.
- "Remove hashFunction and hashValue attributes"
https://bugzilla.mozilla.org/show_bug.cgi?id=1373267

Mozilla removed support for a hash check of the MAR files that has historically been implemented by including hash values in the update manifest (XML) file that is returned by the update server. Mozilla relies on MAR signatures to verify the integrity of the Firefox MAR files, but in the past we have talked about the value in requiring that two things need to be compromised: the update server as well as a MAR signing key. For that reason, Kathy and I believe we should back out these changes and continue to have our update server return hash values.
SGTM.
-tom
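
The two-check policy discussed in this thread (manifest hash plus MAR signature), sketched as an added example that is not part of the original messages and not Mozilla's updater code. The `updates/update/patch` layout, the `size` attribute, the `signature_ok` callback and the sample data are assumptions made for illustration; only `hashFunction` and `hashValue` come from the thread.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# The client pins the acceptable algorithms; the manifest may not pick a weak one.
ALLOWED = {"sha384": hashlib.sha384, "sha512": hashlib.sha512}

def manifest_hash_ok(manifest_xml: str, mar_bytes: bytes) -> bool:
    """True only if mar_bytes matches the hash (and size, if given) in the manifest."""
    try:
        patch = ET.fromstring(manifest_xml).find("./update/patch")
    except ET.ParseError:
        return False
    if patch is None:
        return False
    algo = (patch.get("hashFunction") or "").lower()
    expected = (patch.get("hashValue") or "").lower()
    if algo not in ALLOWED or not expected:
        return False  # missing or unknown hash: fail closed, never skip the check
    size = patch.get("size")
    if size is not None and size != str(len(mar_bytes)):
        return False
    actual = ALLOWED[algo](mar_bytes).hexdigest()
    # Compare as bytes so a non-ASCII hashValue cannot raise, and in constant time.
    return hmac.compare_digest(actual.encode(), expected.encode())

def accept_update(manifest_xml: str, mar_bytes: bytes, signature_ok) -> bool:
    """Require both independent checks: the hash from the update server AND the
    MAR signature (signature_ok is a hypothetical callback standing in for it)."""
    return manifest_hash_ok(manifest_xml, mar_bytes) and bool(signature_ok(mar_bytes))

# Constructed sample data, not a real MAR file or a real server response.
SAMPLE_MAR = b"MAR1 constructed sample payload"

def sample_manifest(mar_bytes: bytes, algo: str = "sha384") -> str:
    digest = hashlib.new(algo, mar_bytes).hexdigest()
    return (f'<updates><update><patch type="complete" hashFunction="{algo}" '
            f'hashValue="{digest}" size="{len(mar_bytes)}"/></update></updates>')

if __name__ == "__main__":
    good = sample_manifest(SAMPLE_MAR)
    print("untampered:", accept_update(good, SAMPLE_MAR, lambda b: True))
    # A validly signed but substituted file still fails the manifest hash.
    print("substituted:", accept_update(good, SAMPLE_MAR + b"x", lambda b: True))
```
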