How do I check the hash of an ISO?

Question

If I download the OS image from Ubuntu servers from a location where I can get the MITM attack and get a compromised image, then how I can check its hash to prove that its original image?

1. Hashes may be replaced on official site by the MiTM attacker. But it is not a problem because I can check them on an IRC channel or somewhere else.

2. Software that I can use for checking sums can be compromised to show the correct answer on a compromised file.

Before I asked this questions I heard that Ubuntu have PGP signed repositories so they can't be compromised but... Here is interesting thing that I read:

Quote:

If apt's sources.list file was modified, one could also redirect to a location providing malicious updates (and signed with "trusted" keys, if these have been added, altough not Ubuntu's ones).

An attacker could have changed pretty much everything, including the actual verification of OpenPGP signatures or include arbitrary malware and backdoors.

So how can be solved this dilemma?

I mean check the image on originality if I can't trust download source and we will suppose that I have not had any social connections except with websites.

Answer 1

You are overthinking this.

It's possible that an attacker intercepts your connection to Ubuntu servers and redirect your download to a tainted image, but it's a difficult task:

1. They have to be in a position to be able to MiTM your connection, by standing in the route between you and the Ubuntu Servers

2. Maybe perform a DNS attack on you to redirect you to another server that they control

3. If you access Ubuntu using HTTPS, they must strip the HTTPS or provide a valid certificate. Providing a valid certificate requires either a malicious CA issuing the certificate, or presenting a fake certificate AND you allowing it.

After this, if you download the image, you could run a hash check (MD5 or SHA) and verify the image. This is very easy to do, and very, very difficult to taint.

After all, there's lots and lots of programs that can calculate the hash, and the attacker will never be able to compromise every single one out there. You can even calculate this using Javascript in any browser. So it's impossible to an attacker to compromise every hash calculator you could use.

Answer 2

Well, one step in the right direction would be to install from a trusted ISO.

Ubuntu's ISO is signed with their GPG key. Details are here: VeriFyIsoHowto

But then, how do you know that that GPG key is really their's?

Me, I'm confident enough with googling for the key (and the assumption, that Google is delivered via HTTPS and that Google has not been tainted by a malicious agent). And that key seems to have been in use since 2006. That's good enough for me.

Answer 3

1. You download the potentially-MITMed iso.
2. You get the good hash from a trusted way (irc, phoning a friend at a trusted network…).
3. You must use a trusted binary to compute the checksum. This is typically done by using the previous OS (that we assume not to be compromised).

If you verify with PGP instead of hashes, you change 2 of getting the right iso hash to getting the right release key, and step 3 varies slightly the software packages.

The main difference is that if you are certain that the Ubuntu release key is 0xFBB75451, you can use that not only for this release, but for future ones, too (until they rotate the key).

The OpenPGP way to do this is through the Web of Trust, where many people attest that Person X has key Y for many pairs (X, Y) and you would end up having verified that someone you know has verified that someone he knows has verified that someone he knows is the Ubuntu Release Key. It's a good way in theory but not so useful in the practise for a newcomer to PGP.