Bug 11345

Summary: Secure downloads with PGP key and abolish SHA-1
Product: Infrastructure Reporter: Michael Tremer <michael.tremer>
Component: Web SiteAssignee: Peter Müller <peter.mueller>
Status: CLOSED FIXED QA Contact: Michael Tremer <michael.tremer>
Severity: Security    
Priority: Will affect all users CC: gerard5609, markrijckenberg, peter.mueller
Version: unspecifiedKeywords: Security
Hardware: unspecified   
OS: Unspecified   
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11660

Description Michael Tremer 2017-05-11 17:05:50 UTC
This is suggested by Mark Rijckenberg from Belfius:

Hi,
 
I noticed that your team still distributes SHA1 checksums for the .iso images for IPFire  at – for example – the following URL:
 
http://downloads.ipfire.org/release/ipfire-2.19-core110
 
May I kindly ask you to take a look at the following links?
 
https://en.wikipedia.org/wiki/Secure_Hash_Algorithms
 
https://github.com/gobolinux/LiveCD/issues/8
 
MD5, SHA-0 and SHA1 are all vulnerable to collision attacks.
 
SHA256 (or SHA512) is now the standard (for the moment).
 
I highly recommend dropping the use of SHA1 and replacing it with only SHA256 (or SHA512).
 
I am simply using Qubes OS as an excellent point of reference, which uses SHA256 and SHA512.
 
https://www.qubes-os.org/security/verifying-signatures/
 
https://www.qubes-os.org/downloads/
 
Concerning the use of Bittorrent, could you please read this?
 
https://www.ghacks.net/2016/02/21/linux-mint-hacked-iso-images-compromised/
 
If you put the .iso image and corresponding SHA256 checksum file in a .zip file and distribute it immediately via Bittorrent BEFORE hosting it on a website, hackers will probably not be able to compromise the integrity of the .iso image, because the SHA256 checksum in the Bittorrent file is much harder to alter than one stored on a website. Furthermore, you then have the option of comparing the SHA256 value in the .torrent file with the value on the website. This goes even further than what most  GNU/Linux distributions actually do….
 
“The reason is simple; popular torrents are distributed from several seeders and peers, and once they are in circulation, it is not possible to manipulate the data, say replace it with a hacked image.”
 

----


Goal would be to create a detached PGP signature and include that in the torrent files and show that on the website so that every downloader can verify our ISO images.
Comment 1 Peter Müller 2018-01-14 13:42:35 UTC
* ping * ;-)
Comment 2 Peter Müller 2018-09-12 18:57:37 UTC
- ping - (again)

If there is something I can do for solving this, let me know.

sha1-diediedie :-)
Comment 3 Michael Tremer 2018-09-13 14:38:07 UTC
(In reply to Peter Müller from comment #2)
> - ping - (again)
> 
> If there is something I can do for solving this, let me know.
> 
> sha1-diediedie :-)

Yes, you could implement all of this :)
Comment 4 Peter Müller 2018-09-13 19:10:04 UTC
Okay. If any questions arise, I will let you know.
Comment 5 Peter Müller 2018-09-13 21:08:20 UTC
Seems like I do not have access to the webserver. Could you please show me which is the correct machine and grant access to it? Thanks.
Comment 6 Michael Tremer 2018-09-14 10:46:25 UTC
What do you need access to the web server for?
Comment 7 Peter Müller 2018-09-14 16:10:31 UTC
(In reply to Michael Tremer from comment #6)
> What do you need access to the web server for?
Well, I guess the installation media checksums are living on some webserver (downloads.ipfire.org) ...
Comment 8 Peter Müller 2018-09-14 17:13:53 UTC
Forget about my last comment. Just found the webapp file... :-\
Comment 9 Peter Müller 2018-11-26 17:39:41 UTC
https://git.ipfire.org/?p=ipfire.org.git;a=commit;h=752c8888e6038fec2f8b3fc1b97deb8b91a4dbce implements SHA256 checksums on website if available. (Thanks, Michael.)
Comment 10 Mark Rijckenberg 2018-11-26 18:17:32 UTC
Hi,

Thank you for implementing the SHA256 checksums on your website.

I found them here:

https://www.ipfire.org/download/ipfire-2.21-core125

Regards,

Mark Rijckenberg
Comment 11 Michael Tremer 2018-11-27 10:02:49 UTC
Hey,

thanks for being quicker than me. I added those to the database yesterday with the release.

However, this isn't the end of the story for me. I still want a proper signature on the images instead of a cryptographically secure checksum. The purpose of the checksum is still being a checksum and nothing else :)
Comment 12 gpatel-fr 2019-09-13 21:19:35 UTC
*** Bug 12180 has been marked as a duplicate of this bug. ***
Comment 13 gpatel-fr 2019-09-13 21:27:22 UTC
Note that most distros are not signing the images themselves (too big), they are signing the hashes instead (see my bug 12180 for links showing that)