
[tor-talk] Verifying Tor packages.



A short note about verifying PGP signatures when upgrading Tor
packages; I hope this is the right place for this. This is probably
well known, but I didn't find any mention of it in the documentation.

Neither SHA-1 sums nor PGP signatures depend on the name of the file
to be verified. This allows some kind of replay attack: if I can get a
user to download from my site, I could choose an old version of the TBB
with some known vulnerabilities and rename the file and the PGP
signature.

If I give these files to the user, he will probably not notice:

    ~ > sha1sum tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz tor-browser-some-other-version.tar.gz
    d09b5e786d17f2a9db96ec66136ca6d403a48baf  tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz
    d09b5e786d17f2a9db96ec66136ca6d403a48baf  tor-browser-some-other-version.tar.gz

and

    ~ > gpg --verify tor-browser-some-other-version.tar.gz{.asc,}
    gpg: Signature made Wed 26 Jun 2013 11:32:11 PM CEST using RSA key ID 63FEE659
    gpg: Good signature from "Erinn Clark <erinn@xxxxxxxxxxxxxx>"
    gpg:                 aka "Erinn Clark <erinn@xxxxxxxxxx>"
    gpg:                 aka "Erinn Clark <erinn@xxxxxxxxxxxxxxxx>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 8738 A680 B84B 3031 A630  F2DB 416F 0610 63FE E659
    ~ >

After unpacking the TBB there is no indication of the TBB version in
the tor-browser_en-US/ directory. Also, Vidalia's 'About' icon only
gives the version numbers of Tor, Qt and Vidalia. The only good
indication of something being wrong is the time-stamp in the PGP
signature.

I think this should be mentioned somewhere in the documentation on
verifying signatures
(https://www.torproject.org/docs/verifying-signatures.html.en).

Best,
Frithjof
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
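The two checks the post points at, as an added example (not part of the message above, and not Tor Project code): after `gpg --status-fd 1 --verify file.asc file`, GnuPG's machine-readable status output carries the signing key's fingerprint and the signature creation time as an epoch integer. The code below pins the fingerprint to the one printed in the post and rejects any signature made before the release date you expected, which is what catches a validly signed but renamed older archive. A third helper goes one step beyond the post: a `sha256sum`-style manifest that is itself signed puts the file name inside the signed data, so renaming no longer helps. The status lines, archive bytes, file names other than the two quoted from the post, and the "expected release" date are all constructed for this example; the `VALIDSIG`/`GOODSIG` field layout follows GnuPG's doc/DETAILS.

```python
"""Post-verification checks on GnuPG status output (added example)."""
import hashlib
from datetime import datetime, timezone

# Primary key fingerprint as printed by gpg in the post, spaces removed.
PINNED_FPR = "8738A680B84B3031A630F2DB416F061063FEE659"


def _epoch(y, m, d, hh=0, mm=0, ss=0):
    """UTC calendar time -> epoch seconds (what gpg puts in VALIDSIG)."""
    return int(datetime(y, m, d, hh, mm, ss, tzinfo=timezone.utc).timestamp())


def parse_status(status_text):
    """Return (good, primary_fpr, sig_time) from `gpg --status-fd` output.

    VALIDSIG fields: fpr, date, sig-timestamp, expire-timestamp, sig-version,
    reserved, pubkey-algo, hash-algo, sig-class, [primary-key-fpr].
    If a subkey made the signature only the last field names the primary
    key, so that is the value we pin (falling back to the first fingerprint).
    """
    good, primary_fpr, sig_time = False, None, None
    for line in status_text.splitlines():
        f = line.split()
        if len(f) < 2 or f[0] != "[GNUPG:]":
            continue
        if f[1] == "GOODSIG":
            good = True
        elif f[1] in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"):
            return False, None, None
        elif f[1] == "VALIDSIG":
            sig_time = int(f[4])
            primary_fpr = f[11] if len(f) > 11 else f[2]
    return good, primary_fpr, sig_time


def check_signature(status_text, pinned_fpr, not_before):
    """(ok, reason): good signature, by the pinned key, made on/after not_before."""
    good, fpr, sig_time = parse_status(status_text)
    if not good or fpr is None or sig_time is None:
        return False, "no valid signature"
    if fpr.upper() != pinned_fpr.upper():
        return False, "signed by unexpected key " + fpr
    if sig_time < not_before:
        when = datetime.fromtimestamp(sig_time, timezone.utc).isoformat()
        return False, "signature made %s, before the expected release" % when
    return True, "ok"


def make_manifest(files):
    """sha256sum-style text ("<hex>  <name>\\n") for {name: bytes}; this is
    what a publisher would sign instead of (or as well as) each archive."""
    return "".join("%s  %s\n" % (hashlib.sha256(b).hexdigest(), n)
                   for n, b in sorted(files.items()))


def check_manifest(manifest_text, filename, content):
    """True iff `filename` is listed in the (already signature-verified)
    manifest and `content` hashes to the listed digest. Because the name is
    inside the signed text, a renamed older archive fails here."""
    digest = hashlib.sha256(content).hexdigest()
    for line in manifest_text.splitlines():
        parts = line.split("  ", 1)
        if len(parts) == 2 and parts[1].strip() == filename:
            return parts[0] == digest
    return False  # name not in the manifest at all


# --- constructed sample data -------------------------------------------------
# Status output shaped like gpg's for the signature in the post
# (26 Jun 2013 23:32:11 CEST = 21:32:11 UTC); the values are constructed.
OLD_SIG_TIME = _epoch(2013, 6, 26, 21, 32, 11)
OLD_STATUS = (
    "[GNUPG:] GOODSIG 416F061063FEE659 Erinn Clark <erinn@xxxxxxxxxxxxxx>\n"
    "[GNUPG:] VALIDSIG %s 2013-06-26 %d 0 4 0 1 10 00 %s\n"
    "[GNUPG:] TRUST_UNDEFINED\n"
) % (PINNED_FPR, OLD_SIG_TIME, PINNED_FPR)

# Assumed release date of the version the user meant to install.
RELEASE_NOT_BEFORE = _epoch(2013, 7, 1)

# Constructed archive contents under the two names quoted in the post.
NEW_NAME = "tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz"
OLD_NAME = "tor-browser-some-other-version.tar.gz"
NEW_BYTES = b"constructed: bytes of the current archive"
OLD_BYTES = b"constructed: bytes of the older, vulnerable archive"
MANIFEST = make_manifest({NEW_NAME: NEW_BYTES})


def demo():
    """Renamed old archive: gpg says 'Good signature' under any file name,
    the timestamp check rejects it, and the signed manifest rejects it too."""
    sig = check_signature(OLD_STATUS, PINNED_FPR, RELEASE_NOT_BEFORE)
    renamed_ok = check_manifest(MANIFEST, NEW_NAME, OLD_BYTES)
    genuine_ok = check_manifest(MANIFEST, NEW_NAME, NEW_BYTES)
    return sig, renamed_ok, genuine_ok


if __name__ == "__main__":
    print(demo())
```

In practice you would feed `check_signature` the real output of `gpg --status-fd 1 --verify <file>.asc <file>` and take `not_before` from the release announcement; the fingerprint check matters because the "WARNING: This key is not certified" line in the post means gpg itself is not vouching for who owns the key.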