[Webkit-unassigned] [Bug 168774] New: Add a test verifying cache deduplication is not sensitive to SHA1 collision attack
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 23 07:48:56 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=168774
Bug ID: 168774
Summary: Add a test verifying cache deduplication is not
sensitive to SHA1 collision attack
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
Assignee: webkit-unassigned at lists.webkit.org
Reporter: koivisto at iki.fi
CC: beidson at apple.com
We use SHA1 for deduplicating disk cache resources. Since a real world SHA1 collision was demonstrated recently (http://shattered.io/) we can add a test that shows it can't be used for cache poisoning.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170223/16efe7da/attachment.html>
More information about the webkit-unassigned
mailing list