Policy for extensions payload data hashes should be upgraded from SHA-1 to SHA-256 |
|
Issue descriptionPolicy for extensions data payloads are currently integrity-checked using a SHA-1 digest passed in the ExternalPolicyData.secure_hash field: https://cs.chromium.org/chromium/src/components/policy/proto/chrome_extension_policy.proto?rcl=0&l=21 We should upgrade to SHA-256 given that SHA-1 is showing some signs of weakness and getting phased out elsewhere. |
|
►
Sign in to add a comment |
|
Comment 1 by mnissler@chromium.org
, Sep 7 2016Status: Duplicate (was: Untriaged)