2

I have a question about DSA and GPG. Suppose you are trying to verify a downloaded file is 'legit' (i.e., no malicious code and it is the intended file). I'll just use Ubuntu's 16.04 LTS ISO image as an example. Following through the instructions, I get the general idea (please correct if I am wrong):

  1. Download the ISO, the SHA256 file and the SHA256 file signature
  2. Get the Ubuntu public key from the key server
  3. Verify that the SHA256 file was signed using the Ubuntu private key with the public key using DSA.
  4. Compute the hash of the ISO and compare the hash with the hash in the SHA256 file.

Now, maybe a stupid question, but couldn't an attacker instruct you to download his own key instead of Ubuntu's, a malicious ISO, the hash of the malicious ISO, and a valid signature of the hash of the malicious ISO? I guess a simple way to defend against this is to just cross-compare the public key against a bunch of different sites (as this key has been around forever), but what if the public key is not as well known? If the site is fully compromised, I feel like the attacker could trick you into downloading the wrong key!

Anders
coolboyjules

1 Answer

4

If the site with the instructions is compromised, the attacker can replace all instructions. This means that he can specify a different key to use for verification or omit the verification information completely, that he can specify a different URL for download, etc. That such a compromise can happen is shown by the hack of the Linux Mint site in 2016, which was changed to point to a compromised download at that time.

A site compromise can actually be detected quickly if a site is monitored for changes, which is hopefully the case for important sites. But an attacker does not even need to compromise the original site. Instead, the attacker could buy ads for search engines which direct you to "alternative" download sites if you are looking for the downloads. These download sites are in full control of the attacker, so he can publish anything there. Such alternative sites are also not detected when monitoring the original site. This type of social attack is very common with downloads of OpenOffice or similar, where a simple "download openoffice" might lead to a result page which is full of advertisements pointing to download sites. These then usually provide "enhanced" installs which add additional software but could also provide a compromised version.

There is not a lot one can do about this. The underlying question to all of this is whom you can trust. Even if your new computer comes pre-installed with Windows, you still have to trust the vendor that the version you have is the original one and that no harmful software was installed additionally. History shows that this is not always the case and that even seemingly trustable vendors add harmful software.

Steffen Ullrich
  • Thank you for your response. It is very clear. I guess you're right... who do you trust? – coolboyjules Oct 21 '17 at 13:55
  • @coolboyjules: I usually trust the ones who are trusted by the majority of my friends. But one can write a whole book about this and there is actually one I can recommend: [Liars and Outliers](https://www.schneier.com/books/liars_and_outliers/) by Bruce Schneier. – Steffen Ullrich Oct 21 '17 at 14:16
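
The key-substitution case from the question, as an added example that is not part of the original posts: the check accepts a signature only when gpg's machine-readable status output (`--status-fd`) names a key fingerprint pinned from a source independent of the download page. The fingerprints, file name, status lines and ISO bytes are constructed placeholders, and the function names are hypothetical.

```python
import hashlib

# Constructed placeholder for the publisher's 40-hex-digit key fingerprint. The
# assumption is that it was obtained from a source other than the download page.
PINNED_FPR = "A" * 40

def valid_signers(status_text):
    """Primary-key fingerprints named in VALIDSIG lines of gpg status output."""
    signers = set()
    for line in status_text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "[GNUPG:]" and f[1] == "VALIDSIG":
            # Field 11 is the primary key fingerprint when gpg reports it;
            # otherwise fall back to the signing key fingerprint in field 2.
            signers.add((f[11] if len(f) >= 12 else f[2]).upper())
    return signers

def expected_digest(sums_text, filename):
    """Look up filename in SHA256SUMS text ('<hex> *name' or '<hex>  name')."""
    for line in sums_text.splitlines():
        digest, _, name = line.partition(" ")
        if name.lstrip(" *") == filename:
            return digest.lower()
    return None

def verify_download(status_text, sums_text, filename, data, pinned=PINNED_FPR):
    # Step 3: a "good signature" only counts if it was made by the pinned key.
    if pinned.upper() not in valid_signers(status_text):
        return "untrusted-signer"
    # Step 4: only now is the hash list worth comparing against.
    want = expected_digest(sums_text, filename)
    if want is None:
        return "not-listed"
    return "ok" if hashlib.sha256(data).hexdigest() == want else "hash-mismatch"

def status_for(fpr):
    # Constructed status lines in the shape gpg prints for
    # `gpg --status-fd 1 --verify SHA256SUMS.gpg SHA256SUMS`.
    return (f"[GNUPG:] GOODSIG {fpr[-16:]} Constructed Signer\n"
            f"[GNUPG:] VALIDSIG {fpr} 2017-10-21 1508594100 0 4 0 17 8 00 {fpr}\n")

ISO = b"constructed stand-in for the ISO bytes"
SUMS = hashlib.sha256(ISO).hexdigest() + " *example.iso\n"

if __name__ == "__main__":
    print(verify_download(status_for("A" * 40), SUMS, "example.iso", ISO))
    print(verify_download(status_for("B" * 40), SUMS, "example.iso", ISO))
    print(verify_download(status_for("A" * 40), SUMS, "example.iso", ISO + b"x"))
```

The second call is the scenario from the question: the signature and the hash are both internally consistent, and only the pinned fingerprint causes the download to be rejected.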