FAQ: Explain why we don't give a SHA of the ISO image
#3 Updated by cbrownstein about 1 year ago
I'm happy to take on this ticket, but first, I need some input to understand exactly why SHA checksums are no longer provided.
I've read sajolida's note in #11623:
Regarding checksum. We removed checksum verification last year because we couldn't find a way to document how to use these checksum easily on Windows, Mac, and Linux (we tried for many years before that and failed). Right now we provide three techniques for verification (Firefox extension, BitTorrent, and OpenPGP) which are equivalent and sometimes superior to checksum. People like you who are technical enough to already do checksum verification on their favourite OS are probably technical enough to rely on BitTorrent or OpenPGP verification if they don't like the Firefox extension (which I can understand).
I understand the difficulty reason pointed out in that note. It's the verification reason I'm not quite understanding.
PGP verification makes sense to me. Tails ISOs are signed by the Tails signing key. The Tails signing key can be authenticated through the web of trust: the Tails signing key is signed by individuals I already trust, so I trust that the Tails signing key I've downloaded is the real Tails signing key. This method of verification, through PGP, holds up if the Tails website is compromised.
I imagine the verification reason SHA checksums are no longer provided is because if the Tails website is compromised, a fake checksum could be substituted for the real checksum. If that happens, a modified ISO could appear to be legitimate.
Based on my understanding of how BitTorrent works, it also is not a trustworthy method to verify the integrity of a Tails ISO. If the Tails website is compromised, couldn't the attacker replace the real .torrent file with a malicious one?
(I have no experience with the Firefox extension so I can't comment on it.)
Hopefully I'm not too off the mark here.
#5 Updated by sajolida about 1 year ago
- Assignee set to cbrownstein
- QA Check deleted (
It's good that you make sure to understand the issue well before start with your draft :)
Your security analysis is right so far. The basic assumption here is that, unless people have previous knowledge of how to do the web-of-trust verification, they will always depend on the instructions or on the data on our website to perform the verification, and thus on the encryption and authentication provided by HTTPS:
- If you use OpenPGP without the web-of-trust, you download our signing key over HTTPS and use it to verify.
- If you use BitTorrent, you download the Torrent file from our website and your BitTorrent client will do a checksum verification at the end of the download.
- If you use the Firefox extension, the extension will fetch a ISO Description File (IDF) from our website and do a checksum verification at the end of the download.
It might sound a bit overkill to provide these techniques to only get something as trustworthy as HTTPS but in the context of downloading Tails they make sense:
- We don't have the infrastructure to provide all downloads ourselves and rely on third-party mirrors for capacity. On the other end our website is much more trusted.
- On top of the encryption and authentication provided by HTTPS we also want to check the integrity of the downloads: that they are complete and that there was not bug in the download.
So providing a checksum on our website would bring the same level of security (not more not less) and we don't want to clutter our installation and download instructions with yet another method while, in terms of usability, we couldn't find easy ways to document how to verify the checksum in a way that is cross-platform.
Still, many power users bother us with "GIVING THE SHAAAA!" but our opinion is that this public should do BitTorrent or learn basic OpenPGP.
Hopefully, things will get better if we manage to port the Firefox extension to Chrome and cover more public this way.
Do you need to know anything else?
I've done way too much technical writing this year already and want to focus on doing more UX in the coming months. So I won't be very proactive on this front but I'll still be very happy to provide input and review your work :)
#8 Updated by cbrownstein about 1 year ago
sajolida: Thank you always for your guidance. :-)
I believe I understand the issue now.
The compromised Tails website scenario concerned me because the website for a Linux distro, namely, Linux Mint, has in the past been compromised.
In that case, a backdoor was inserted in a modified ISO.
- Assignee changed from sajolida to cbrownstein
- QA Check deleted (
@cbrownstein: I'm also very concerned about a hypothetical compromision of our website. The thing is that, if this was to happen, all verification techniques would basically be game over (expect a careful web-of-trust verification). So we have to discard this option for all the more simplistic verification technique which are still desperately needed by a vast majority of our audience.
@u: We are not providing a checksum not because of trust issue (it would be as trustworthy as DAVE or BitTorrent) but for the sake of simplicity as we are already offering 3 equivalent techniques and also because checksum verification wouldn't cover a very interesting audience (we tried for years to provide an easy and graphical way of doing it but failed).
#14 Updated by cbrownstein 5 months ago
- Assignee changed from cbrownstein to sajolida
- QA Check set to Info Needed
Here's what I have:
Where can I find the SHA hash to verify my Tails download?
We do not provide a SHA hash to verify your Tails download. Verification using
a SHA hash is no better than verifying using our download extension,
BitTorrent, or OpenPGP. These verification methods all rely on some information
being securely downloaded from our website using HTTPS. Similarly, verification
using a SHA hash would rely on the hash being securely downloaded from our
website. In order to verify your ISO download without having to rely on some
information being securely downloaded from our website, you need to use [OpenPGP]
and [authenticate our signing key] through the OpenPGP Web of Trust.
The bracketed language would be linked to:
N.B. #14788 will have to be resolved before the above links will work.