Views: 1529 Replies: 6
Google is spreading FUD again
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
The world's first practical SHA1 collision. That's badass, no doubt. But their demo site, https://shattered.it/:

"If you use Chrome, you will be automatically protected from insecure TLS/SSL certificates, and Firefox has this feature planned for early 2017."

"Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has this feature planned for early 2017."

So, will Mozilla push out a minor point release to change security.pki.sha1_enforcement_level to 1 or 3?
Reply #1
Posted: 2017-02-27 23:09
So it turns out Mozilla uses a system add-on to remotely change security.pki.sha1_enforcement_level.
But my 51.0.1 hasn't received this add-on yet.
https://blog.mozilla.org/security/2017/02/23/the-end-of-sha-1-on-the-public-web/
https://bugzilla.mozilla.org/show_bug.cgi?id=1328718
https://bugzilla.mozilla.org/show_bug.cgi?id=1338228
Google's SHA1 collision is really a special case, and it also takes a huge amount of computing power. Still, the demo PDFs alone managed to take down svn: http://www.solidot.org/story?sid=51489