
“Only the paranoid survive.” – Qubes OS signature mismatch - elux
https://twitter.com/desantis/status/805479980184588292
======
Gruselbauer
Redownload. Check again. I'm on satellite internet with the horrible latencies
and frequent timeouts associated with that tech, I recently had the netinstall
image for Debian fail integrity checking three times in a row, from the http
mirrors. Guy from the link said it himself, download via torrent and all is
well.

Generally, being on such terrible interwebs I get angry whenever I hear people
claim torrents are only for piracy. We all know they're wrong, but my legal
torrent use has really never been more intense. Rsync's ability for aggressive
retrying is also blessed :)

~~~
simcop2387
Yea that's one thing I really love about torrents. Because of the giant set of
hashes they use, it makes it really great to verify integrity of the download.
You've got a hash for each block (128k by default) and for the overall
download, along with the complete size of the file.

~~~
masklinn
> each block (128k by default)

Depends on the seed creation software, Tixati defaults to 256k for instance,
kind-of: it's the default value of the box, but a new default is recomputed
based on the amount of data included in the torrent. If I try to seed my local
install of Bastion (920MB) it picks 1MB, Atom Zombie Smasher (25MB) yields
64kB, and Shadowrun Hong Kong (9GB) picks 4MB.

~~~
simcop2387
Interesting. It's been a long time since I've created any of my own (a decade?
geeze I feel old) so it's apparently a bit different.

------
lwf
There are a bunch of reasons this could've happened -- corrupted downloads are
not unheard of on poor connections. Maybe the file was truncated.

Or maybe it was the NSA. Without any further analysis, this isn't particularly
noteworthy.

~~~
wolfgke
The _first_ step is to _detect_ the wrong signature. The _next_ step is to
compare the files to see whether truncation, bitswap etc. happened or whether
the manipulation went deeper. Or for the more paranoid people: See what
dangerous attack code can be introduced into the software by such an innocent-
looking manipulation and whether the modification that happened did introduce
such an exploit or not.

------
quickben
Seeking publicity instead of trying to redownload and verify.

News today, sigh :(

~~~
0xCMP
He did redownload and verify via BT. He seems to also be rebuilding from
source(?).

------
lillesvin
There's nothing yet to suggest that it's not just a corrupted download.

~~~
astrodust
Cosmic ray bit flip also a possibility.

------
trdtaylor1
Best way to elevate your crypto project, get targeted. Doesn't matter if it
actually happened.

------
daveio
Can't speak to targeted interference, but I can fetch the ISO and signature
from the mirror he used, and verify it successfully.

output:
[https://gist.github.com/daveio/edac4aaee516cd6a408d5c8e763ce...](https://gist.github.com/daveio/edac4aaee516cd6a408d5c8e763cef5f)

------
mocko
For reference, here's a check of the torrent with the .torrent file I snagged
from [https://www.qubes-os.org/downloads/](https://www.qubes-
os.org/downloads/) last night. Master signing key checked against the
fingerprint published on the mailing list in 2013. Looks legit.

    
    
      Qubes-R3.2-x86_64 moi$ gpg --verify Qubes-R3.2-x86_64.iso.asc Qubes-R3.2-x86_64.iso
      gpg: Signature made Tue Sep 20 18:33:37 2016 BST using RSA key ID 03FA5082
      gpg: Good signature from "Qubes OS Release 3 Signing Key" [full]

~~~
mocko
For reference II - downloaded the .iso. Despite a usually robust connection
the download was interrupted three times. I have no idea whether this
signifies anything. Curl resumed where it left off and in the end...

    
    
      Qubes-R3.2-x86_64 moi$ gpg --verify Qubes-R3.2-x86_64.iso.asc Qubes-R3.2-x86_64.iso_WEBDL
      gpg: Signature made Tue Sep 20 18:33:37 2016 BST using RSA key ID 03FA5082
      gpg: Good signature from "Qubes OS Release 3 Signing Key" [full]
    

Of course (skipping merrily off into tinfoil-hat-land) that doesn't eliminate
the possibility that the OP's download had been MITM-ed. However this would
have to be by someone who:

1) Controls part of the network infrastructure between them and
mirrors.kernel.org (i.e. routers, cables or DNS)

2) Can fake a TLS certificate for mirrors.kernel.org

So, corrupted download or a targeted MITM attack by a state-level actor? Who
the hell knows anymore.

------
imjustsaying
when did download errors become newsworthy? are networks that robust now?

------
loeg
Probably just truncated.

