John Jones:
> Recently I decided to see what would happen if I opened the Tails signing
> key in gedit, changed a few characters (I didn't document exactly what I
> changed but it was about 5 or 10 characters not very close to the beginning
> or end), saved it, and then tried to use it to verify the signature of the
> Tails ISO file I most recently used. Persistence was enabled and not
> read-only. I deleted all the keys that were stored before importing the
> modified key. VerifySignature said the signature was good. This seemed like
> a red flag to me, since I'd expected that the changes I'd made would make
> the key unable to correctly decrypt the signature. Is this suspicious? Or is
> it to be expected that the signing key would still work after I changed a
> few characters in gedit?

I don't really know how GPG handles the encoding of the keys but there
might be an algorithm to correct a few errors. Otherwise I would expect
GPG to not be able to import the key at all. Could you send us the
modified key as you created it? I'd be interested in investigating what
happened here.

> That's the main important part (in case this is getting too long), but
> after that, the events that followed also seemed unusual. I turned off my
> computer, removed the Tails USB drive, and booted Windows 7. The screen
> that showed up was one I'd never seen before. It said that my computer
> might be damaged, or something like that, and gave me the option to try to
> boot normally or boot in Startup Repair mode. I chose Startup Repair. It
> asked if I wanted to try to restore a previous version of the system where
> some recently-installed programs might be absent, and I chose No. It then
> spent ten or fifteen minutes looking for and/or trying to fix problems, and
> finally told me it couldn't fix anything. I clicked "Finish" and my
> computer turned off. I turned it back on again and Windows started up
> normally, and nothing seems to be wrong with it now. I have alternately
> booted Tails and Windows on this computer several times in the past, and
> nothing like this ever happened before.

I'm not a regular user of Windows but I've seen similar screens in the
past. Maybe Windows didn't shut down properly or thought there was a
need to be repaired somehow. I wouldn't be worried by that.

> If what I've described isn't suspicious at all, then this paragraph can be
> ignored. But I got to thinking: If an attacker wanted to trick me into
> installing a malicious program in place of Tails by giving me a bad ISO
> through a MitM attack, normally it wouldn't work because the ISO would fail
> to be authenticated. But they could get around this if they could make it
> so that my system would falsely "authenticate" bad ISOs. It occurred to me
> that I never authenticated my "first" Tails ISO, which I downloaded several
> days ago, burned to DVD-R, and then used that DVD-R to install Tails on a
> fresh USB drive. On that USB drive, I subsequently upgraded to 0.22, and
> then today I downgraded to 0.21 in order to enable the more secure
> persistence settings. I authenticated both the 0.22 and 0.21 ISOs (in
> Tails) before installing them, but if my first ISO was a maliciously
> altered version of Tails, then those authentications could have been fake.
> It also may be worth noting that I was not using Tor when I downloaded any
> of the ISOs. Again, I don't know much about computers, so hopefully my
> fears are unfounded.

Yes, you need to be able to trust the system on which you are verifying
your Tails ISO images. What you can do is to take those ISO images to a
different computer that would be more trusted, and verify them on this
separate system.


_______________________________________________
Tails-support mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-support
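
The thread asks whether a few edited characters in an ASCII-armored key can go unnoticed. As an added example (not part of the original thread, and not a diagnosis of what happened in this case): the armor format in RFC 4880 ends with a CRC-24 line that covers only the base64 body, so it flags changed key data but not edits to armor header lines such as `Comment:`. The sample block is constructed data, not a real key, and the helper names are hypothetical.

```python
import base64

CRC24_INIT = 0xB704CE   # constants from RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB

def crc24(data: bytes) -> int:
    """CRC-24 as used for the OpenPGP armor checksum."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def make_armor(payload: bytes, comment: str) -> str:
    """Build a constructed armored block (not a real key) for the demo."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
            f"Comment: {comment}\n\n{body}\n={check}\n"
            "-----END PGP PUBLIC KEY BLOCK-----\n")

def armor_checksum_ok(armored: str) -> bool:
    """True if the base64 body matches the trailing '=XXXX' CRC-24 line."""
    lines = armored.strip().splitlines()
    blank = lines.index("")            # armor headers end at the first blank line
    body = [l for l in lines[blank + 1:-1] if l]
    if not body or not body[-1].startswith("=") or len(body[-1]) != 5:
        raise ValueError("no CRC-24 line found")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
    except ValueError:
        return False                   # the edit broke the base64 encoding itself
    stored = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
    return crc24(data) == stored

# Constructed sample: 96 arbitrary bytes standing in for key material.
SAMPLE = make_armor(bytes(range(96)), "constructed sample, not a real key")

if __name__ == "__main__":
    header_edit = SAMPLE.replace("Comment: constructed", "Comment: edited")
    body_edit = SAMPLE.replace("AAEC", "AAED", 1)   # one character of key data
    print("untouched:  ", armor_checksum_ok(SAMPLE))
    print("header edit:", armor_checksum_ok(header_edit))
    print("body edit:  ", armor_checksum_ok(body_edit))
```

The CRC-24 only detects accidental damage to the armor; trust in a key still rests on comparing its fingerprint against a copy obtained from a trusted source, on a system you trust.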
