Perspectives broken in Firefox 32

Perspectives currently does not work in Firefox 32 and higher. This is a known issue. When Perspectives runs you will see a yellow exclamation icon and the error message “‘an internal security change error occurred: TypeError: ti.cert.md5Fingerprint is undefined'”.

Firefox 32 is the first version where support for the MD5 hashing algorithm has been removed (see BugZilla). From a security point of view this is great news – the MD5 algorithm is known to be not completely secure, and software should be moving to better hashes. We also want Perspectives to move to using better hashes.

Unfortunately Perspectives needs some internal fixes before this upgrade can be completed. We are actively working on fixing this error and will update Perspectives ASAP. Thanks to everyone who has contacted us about this issue.

 

 

 

 

Advertisements

,

  1. #1 by cousteau on September 14, 2014 - 6:21 pm

    Couldn’t you implement your own MD5 algorithm in JavaScript? That shouldn’t be too hard.

    • #2 by daveschaefer on September 25, 2014 - 3:29 am

      Hey cousteau, if it’s not too hard for you to write the code, patches are always welcome šŸ˜‰

      Actually the hard part is not implementing the MD5 hash – I have code that does that. The tricky part is getting the correct DER/ASN1 representation of the certificate so we can calculate the same hash that the browser does.

  2. #3 by Ray on September 17, 2014 - 8:22 pm

    You guys are awesome, thanks so much for Perspectives.

    We just had a lunch-and-learn at my company about SSL. I tried to ask the leading questions to bring everyone to the realization that if any one of several hundred organizations is exploited, users can’t trust _any_ padlocks. I’ll see if I can’t follow that up with some email discussion around the idea of notaries.

    Is that a good summary of the technique, “notaries”? Or do you folks use a different term?

    • #4 by daveschaefer on September 25, 2014 - 3:36 am

      Hey Ray, thanks for the kind words. Good luck with the discussion – feel free to email the mailing list if you want further thoughts and input.

      Perspectives uses the term ‘notaries’ to refer to servers that scan HTTPS sites and record information about their certificates. This is similar to a real life ‘notary’ who can sign and witness legal documents – https://en.wikipedia.org/wiki/Notary .

  3. #5 by victek on September 25, 2014 - 3:26 pm

    Friends, how is that fix for Firefox 32 coming? I’m really missing Perspectives. Cheers!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: