-2

Is it practically possible to ensure that the integrity of an ISO image for an OS is legit with 99.999% certainty?

I was thinking of buying a bunch of DVDs of Ubuntu 22.04 on eBay and comparing the checksums. Would the checksums match up if the DVDs were burned using different methods? Is there a better way that I'm missing?

schroeder
  • 3
    What is the problem with the [recommended method](https://ubuntu.com/tutorials/how-to-verify-ubuntu) of using cryptographic signatures? If the image is already compromised by the producer, then using a DVD based on this image will not help either. Apart from that, DVDs based on the same image should result in the same checksums - burning the image to a DVD does not change the data. – Steffen Ullrich May 21 '22 at 04:53
  • You ask 2 different questions: the checksum of the ISO and the checksum of the burned DVD. And you seem to suggest that they are the same thing. They are not. I think you need to re-think what you are trying to ask. I also removed the unrelated 2nd question from your post. – schroeder May 23 '22 at 08:30
  • 1
    And once you start going on about "time travelling hackers" you are not going to be taken seriously. All questions need to be asked of others when asker and audience have the same basis of reality. – schroeder May 23 '22 at 08:31

1 Answer

2

This question can contain multiple broad answers, but I'll give the most sensible one. Verify the signatures of the images; if they don't match, don't use the data.

If you're asking how to defend against more sophisticated/supply chain attacks, then you're asking a much more complicated question.

J--
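The signature check from the answer, extended to a burned disc, as an added example that is not part of the original thread. The file names, the keyring path and `/dev/sr0` are assumptions; the keyring is assumed to hold the publisher's signing key, obtained and checked separately.

```shell
#!/bin/sh
# Added example: verify an ISO (and a disc burned from it) against a signed
# SHA256SUMS file. File names, keyring path and /dev/sr0 are assumptions.

# 1. Check that SHA256SUMS was signed by a key in a keyring you trust.
#    gpgv fails unless the signer's key is present in that keyring.
verify_sums_signature() {   # usage: verify_sums_signature KEYRING SHA256SUMS.gpg SHA256SUMS
    gpgv --keyring "$1" "$2" "$3"
}

# 2. Print the digest the signed list records for one image name.
#    Entries look like "<hex digest> *<file name>"; the "*" is optional.
expected_digest() {         # usage: expected_digest SHA256SUMS IMAGE_NAME
    awk -v name="$2" '{ f = $2; sub(/^\*/, "", f)
                        if (f == name) { print $1; exit } }' "$1"
}

# 3. Hash only the first BYTES bytes of SOURCE. A drive can return more bytes
#    than the ISO holds (for example padding), so hashing the whole device can
#    give a different digest even when the burned data is identical.
digest_of_prefix() {        # usage: digest_of_prefix SOURCE BYTES
    head -c "$2" "$1" | sha256sum | awk '{ print $1 }'
}

# 4. Compare a file or block device against the signed list.
#    Status 0 = match, 1 = mismatch, 2 = image name not in the list.
matches_signed_digest() (   # usage: matches_signed_digest SHA256SUMS IMAGE_NAME SOURCE BYTES
    want=$(expected_digest "$1" "$2")
    [ -n "$want" ] || exit 2
    got=$(digest_of_prefix "$3" "$4")
    [ "$want" = "$got" ]
)

# Typical run (not executed here):
#   iso=ubuntu-22.04-desktop-amd64.iso
#   verify_sums_signature ./publisher-keyring.gpg SHA256SUMS.gpg SHA256SUMS &&
#     size=$(wc -c < "$iso") &&
#     matches_signed_digest SHA256SUMS "$iso" "$iso" "$size" &&
#     matches_signed_digest SHA256SUMS "$iso" /dev/sr0 "$size"
```

The digest comparison only means something after the signature check has passed, because an unsigned `SHA256SUMS` can be replaced together with the image.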