
Re: [opensuse-security] ISO Signatures



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



The Saturday 2008-06-14 at 12:44 +0100, Benji Weber wrote:

> 2008/6/14 Carlos E. R. <robin.listas@xxxxxxxxxxxxxx>:
>> I'm sorry, I don't quite understand. The checksum for the ISO file checks
>> the entire ISO file including the bootloader, so I don't see how the
>> bootloader can be altered and the iso still pass the test.

> There are MD5SUMs here
> http://download.opensuse.org/distribution/10.3/iso/cd/MD5SUMS .
> However, md5 has various weaknesses and it is potentially possible to
> engineer a modified iso the same size with the same MD5SUM.
> Furthermore, the md5sums are not even signed, so it's difficult to be
> sure they are even correct.

I see.


> Since the bootloader can do anything to your system and is untrusted,
> it is potentially dangerous to boot from a downloaded openSUSE ISO.
> The contents file and others itself inside the ISO are signed. I
> believe it is possible to generate a fully trusted ISO by regenerating
> the bootloader from signed material. It would be much simpler just to
> publish signatures for the ISOs though.

Checking the signatures of the files is useless during installation from dvd, because the program that does the checking runs from the same dvd that could be potentially compromised. It has to be an overall signature and checked externally.

- -- Cheers,
       Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFIVYr8tTMYHG2NR9URAp+MAJ9i5LLZCpOI3NnxTuGvjqnsw8ca4gCfSo0t
QrY8V5sSQCjXEz5Ler1vEwM=
=cXKo
-----END PGP SIGNATURE-----
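The thread makes three points a downloader has to act on: an MD5 manifest gives no collision resistance, an unsigned manifest is only as trustworthy as the server it came from, and the check has to run on a machine that is already trusted rather than from the medium being checked. The script below is an added example, not code from the thread or from the openSUSE project, that puts those three rules into one verification routine. It assumes the manifest uses the `md5sum`/`sha256sum` text layout (`<hex>  <filename>` or `<hex> *<filename>`) and that a `gpg` binary on the verifying machine already holds the distributor's public key; the function and file names are the example's own.

```python
"""Verify a downloaded installation image on an already trusted machine:
refuse collision-prone digests, compare the whole image against a checksum
manifest, and check the manifest's detached OpenPGP signature with gpg.
Added example; the manifest format and gpg invocation are assumptions."""
import hashlib
import os
import shutil
import subprocess

# Digests with public, practical collision attacks: a manifest built on one of
# these cannot tell a substituted, attacker-crafted image from the real one.
WEAK_DIGESTS = {"md5", "sha1"}


def parse_manifest(text):
    """Return {filename: hexdigest} from md5sum/sha256sum style lines."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line
        digest, name = parts
        # sha256sum writes "*name" for files hashed in binary mode
        entries[name.lstrip("*").strip()] = digest.lower()
    return entries


def file_digest(path, algo, chunk=1 << 20):
    """Hash the whole image in chunks so a multi-GB ISO need not fit in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(iso_path, manifest_text, algo):
    """Return (ok, reason); ok is True only for a strong digest that matches."""
    algo = algo.lower()
    if algo in WEAK_DIGESTS:
        return False, f"{algo} manifest gives no collision resistance"
    entries = parse_manifest(manifest_text)
    name = os.path.basename(iso_path)
    if name not in entries:
        return False, f"no manifest entry for {name}"
    if file_digest(iso_path, algo) != entries[name]:
        return False, "digest mismatch: image differs from the published one"
    return True, "digest matches"


def manifest_signature_ok(manifest_path, sig_path):
    """Check the detached OpenPGP signature over the manifest with gpg.

    This is the external check the thread asks for: run it on a machine you
    already trust, never from the medium under test. Returns False when gpg
    is absent or the signature does not verify against an imported key.
    """
    gpg = shutil.which("gpg")
    if gpg is None:
        return False
    result = subprocess.run([gpg, "--verify", sig_path, manifest_path],
                            capture_output=True, text=True)
    return result.returncode == 0


if __name__ == "__main__":
    import sys
    # usage: verify.py IMAGE.iso SHA256SUMS SHA256SUMS.asc
    image, manifest, sig = sys.argv[1:4]
    if not manifest_signature_ok(manifest, sig):
        sys.exit("manifest signature did not verify; do not trust its digests")
    with open(manifest) as f:
        ok, why = verify_image(image, f.read(), "sha256")
    print(why)
    sys.exit(0 if ok else 1)
```

Order matters: the signature over the manifest is checked first, because a digest that matches an unsigned manifest only proves the image and the manifest came from the same (possibly substituted) source.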