[Webkit-unassigned] [Bug 168774] New: Add a test verifying cache deduplication is not sensitive to SHA1 collision attack

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 23 07:48:56 PST 2017 

https://bugs.webkit.org/show_bug.cgi?id=168774

            Bug ID: 168774
           Summary: Add a test verifying cache deduplication is not
                    sensitive to SHA1 collision attack
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: koivisto at iki.fi
                CC: beidson at apple.com

We use SHA1 for deduplicating disk cache resources. Since a real world SHA1 collision was demonstrated recently (http://shattered.io/) we can add a test that shows it can't be used for cache poisoning.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170223/16efe7da/attachment.html>

More information about the webkit-unassigned mailing list