Re: Proposal for update of http://debian.org/CD/faq/#verify

2011-01-26 Thread Naja Melan 
I just noticed that in hashtab sha256 is not enabled by default, so I would
further add the following sentence to the windows/mac instructions:

"SHA256 is not enabled by default in HashTab, so you will have to
click *options
*and enable it."


Török Edwin  wrote:

What if you already have an older Debian install, or an older Debian CD
> (that you already verified/trust by other means)?
> There should be a chain of trust from the signing keys used on the old CDs
> all the way to the signing key used on the new CD, right?
>
> Is there an easy way to check the signing key, given an older Debian CD?
> (besides booting from it, and checking the new key with gpg)?
>

I have thought about this, but I don't have a debian box available here to
test that, and so I don't know which keys are available in the keyring. I
can thus not write instructions for this. Another option I thought about is
that debian includes itself as a trusted CA in the browsers it ships. That
might allow someone to download a key through https from
https://db.debian.org.

The reason I have not mentioned this is because as far as I can tell the CD
signing key is not on there, so it would be indirect if people would have to
download keys from people signing the Debian cd signing key. This would make
the "chain" already quite a bit longer (thus unsafer) and would seriously
complicate the instructions and make them less accessible.

If you can cook up good instructions to do such things though, go ahead. A
safe way of downloading from an older debian box would probably be
worthwhile, even if the initial Debian box has not been downloaded in a safe
way because it allows people to minimize the potential for tampering to only
the first time ever they download debian, and if an attacker missed that
chance they would be fine in the future.

greets

Re: Proposal for update of http://debian.org/CD/faq/#verify

2011-01-26 Thread Török Edwin 

On 01/26/2011 02:04 AM, Naja Melan wrote:
*3. Could a malicious attacker that feeds me an altered iso image not 
also feed me an altered SHA256SUMS file? Yes, they could! Http is very 
easy to intercept. This is where SHA256SUMS.sign comes in. This file 
is the pgp signature of the ***SHA256SUMS file. It is signed with the 
Debian CD signing key which can be obtained from 
hkp://keyring.debian.org/ .* The transport 
from the keyserver is *not *secured, and the only way to verify you 
have not been fed a bogus key is through the web of trust 
 if you 
are connected to enough people to make a path to the Debian CD signing 
key.

*

*What should I do if I am not connected through the web of trust?
There is no easy answer to this.*




What if you already have an older Debian install, or an older Debian CD 
(that you already verified/trust by other means)?
There should be a chain of trust from the signing keys used on the old 
CDs all the way to the signing key used on the new CD, right?


Is there an easy way to check the signing key, given an older Debian CD? 
(besides booting from it, and checking the new key with gpg)?


Best regards,
--Edwinb


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4d406b34.7060...@gmail.com

Proposal for update of http://debian.org/CD/faq/#verify

2011-01-25 Thread Naja Melan 
*Hi,*

*after this and
this
discussion  I
decided to write a proposal for an improvement of
http://debian.org/CD/faq/#verify
*

*The main issues with the current text are that it gives a false notion of
security by not stating the limitations of the presented procedure, as well
as proposing use of md5 which is broken and should no longer be used for
security purposes. Further I have tried to make the instructions more
accessible for less knowledgeable users and made different proposals for
software that allows checking hashes on windows and mac.*

Could you please review this and implement it on the website.

Thanks in advance,

Naja Melan
**

*
*

*How can I verify that the downloaded CD images are correct?*
**

*Errors can occur during the download of the CD images. This can happen
accidentally (corruption), or a malicious attacker could try to serve you an
altered version of the Debian OS. Because of this it is important you verify
that the downloaded files are correct. To verify your iso file, several
steps are needed.*

**

**

*If you only care about accidental corruption, note that torrent clients and
*jigdo  automatically check for data
corruption. Otherwise follow the steps below:

*1. You have to calculate a numerical value that is unique for a specific
file and that will be different as soon as the file is altered even
slightly. **This is done by means of a cryptographic hash function
and**allows for the value on the server to be compared with the value
that you
calculate at home. If both values are the same, then both files are
guaranteed to be the same.
*

*a. on Linux systems:
*

*use the 
sha256sumutility
to calculate the hash value of the file you downloaded
*

*b. on Windows/**Mac**:*

*You will need to download some software to calculate hashes. The easiest
one is hashTab . If this does not
work for you, there are many alternatives like
DivHasher(windows only).
*

*
*

*2. Download *SHA256SUMS and SHA256SUMS.sign which should be available in
the same directory from which you downloaded the iso. *Compare the value you
get from step 1 with the value in the file *SHA256SUMS.


By now we can be confident that the file did not *accidentally *become
corrupt during transfer.

*3. Could a malicious attacker that feeds me an altered iso image not also
feed me an altered SHA256SUMS file? Yes, they could! Http is very easy to
intercept. This is where SHA256SUMS.sign comes in. This file is the pgp
signature of the ***SHA256SUMS file. It is signed with the Debian CD signing
key which can be obtained from
hkp://keyring.debian.org/
.* The transport from the keyserver is not secured, and the only way to
verify you have not been fed a bogus key is through the web of
trustif
you are connected to enough people to make a path to the Debian CD
signing key.
*

*What should I do if I am not connected through the web of trust?
There is no easy answer to this. We currently provide no other means of
secured transport of our pgp key or the checksum file. The only possibility
is to try to download the checksum file through different paths. If you risk
being the target of an attack, you might go to a libray or cybercafe and
download the checksum file there. If you want to skip a bigger part of the
path you might call a friend in a foreign country and ask them to download
the checksum file and read the hash to you so you can compare it to the one
you have at home.
*
If you want to check many CD image files or burned CDs easily on Unix/Linux
systems, the checkiso  script
can be a great help.