Stronger Hash Support for Secure Installations and Updates

Ever since released our file release system (including secure updates and installations of .xpi files) we've planned on improving the support of hashes. We didn't originally realize that md5 was no longer on the list of hashes, and with sha1 having its own share of problems recently, the need for stronger hashes was increased.

So finally we have dropped support for md5 as well and support only the stronger hash mechanisms (sha1, sha256, sha384, and sha512). We still auto-detect the hash type by the length of the hash submitted in the file management tool, so the procedure is exactly the same. Any existing md5 hashes are still in our system and presented by our secure install links but are considered deprecated.

Reply

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img>
  • You may quote other posts using [quote] tags.
  • Lines and paragraphs break automatically.
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>. Beside the tag style "<foo>" it is also possible to use "[foo]".
  • You can use BBCode tags in the text. URLs will automatically be converted to links.

More information about formatting options