On Thu, Mar 05, 2020 at 03:56:55PM +0000, Mark Fernandes wrote:
> Well that's an idea. But still what if the software you are being 'fed' is
> all tampered software, so that after replacing the computer, as soon as you
> use software, you are compromised again?
> Purchasing a new computer can also be expensive, and still in any case, you
> might find that any software pre-installed on it may have already been
> compromised.

welcome to "supply chain security is hard".
please have a seat next to that person posting here in the last days
how he doesnt trust chips from china...

the end result is still:
as long as you dont have a computer you trust, the whole rest
of this is pointless.

if you have a computer you trust, verifying a signature is a lot
more useful than variations of "i bought it in a shop while wearing
a fake beard, so it is certainly legit".
(which applies to the hardware too!)

and the point of using different sources of info on the master key
is that an attacker who wants to fool you has to intercept every
single one of them. if he misses even one, the game is off.

and getting the master key fingerprint from many different
directions/sources seems a lot more realistic than doing the same
for an iso image...

and you dont have to trust any one of these sources, but if you
add up enough of these untrusted sources, you can still trust
the end result as long as your threat model doesnt include every
single one of the sources conspiring against you, or being compromised
by the same attacker...

> Eg. suppose you are a person like Edward Snowden, and that you are a
> targeted individual. Then such intensive manipulation is perhaps entirely
> plausible.

i am reasonably sure you are not ed snowden.
(if you are: sorry. i assumed ed snowden to know what a hash and
signature are.)

but here is another headache:
(warning: nerd-sniping and messing-with-tinfoilhats ahead)

you are of course right that checking hashsums or signatures isnt
100% safe. what if there are alien quantum computers involved.

lets run numbers, the "basic math" kind:
the qubes 4.0.3 iso is 38646317056 bits in size.
the signature is against a 256 bit hash (over 1056 bits of intermediate
hashes plus some metadata).
so there are about 2**38646316800 different iso images of the same size
that will match this signature. or 2**38646316000 to match the intermediate
hashes so you wouldnt have to bother faking the sigfile.
thats close enough to "infinitely many" for me to not actually calculate it.
(hint: thats several times the estimated number of atoms in the universe)

wait. who said the evil iso has to be the same size?! no one.
so, aeh, there are infinite amounts of infinite piles of iso
images that all match this signature!

but probably even edward snowden is ok with a reasonably sized signature.
because else we might as well just toss this whole internet
and computer thing out the window.

(and do i double down now or wait for the likely next round to mention that
the qubes master key might be considered compromised because the qubes
team never planned for having a senior member leave the team... *coughs* ;)

please dont get me wrong, critical thinking is good, but its also
important to stay somewhat reasonable about your threat model, because
once you get stuck worrying about class 4+ picotech perversions, you
wont get much done anymore...
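
The multi-source fingerprint check described in the message above, as an added example that is not part of the original post or of the Qubes project's tooling. The source names, the `min_sources` threshold and the fingerprint value are constructed placeholders, and the 40-hex-digit format assumes an OpenPGP v4 key.

```python
import re

def normalize(raw):
    """Reduce a fingerprint as copied from a web page, slide or printout
    to 40 uppercase hex digits; reject anything shorter (e.g. a key ID)."""
    s = re.sub(r"\s+", "", raw).upper()
    if s.startswith("0X"):
        s = s[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", s):
        raise ValueError("not a full 160-bit fingerprint: %r" % raw)
    return s

def check_fingerprint(local_fp, sources, min_sources=3):
    """Compare the fingerprint of the key actually imported (local_fp)
    with copies obtained through independent channels.

    A single disagreeing source fails the check: the attacker only has
    to miss one channel for the substitution to show up."""
    local = normalize(local_fp)
    agree, mismatch, unusable = [], [], []
    for name, raw in sources.items():
        try:
            fp = normalize(raw)
        except ValueError:
            unusable.append(name)      # truncated or garbled copy: no evidence
            continue
        (agree if fp == local else mismatch).append(name)
    trusted = not mismatch and len(agree) >= min_sources
    return {"trusted": trusted, "agree": agree,
            "mismatch": mismatch, "unusable": unusable}

# Constructed placeholder, NOT a real key fingerprint.
LOCAL = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"

if __name__ == "__main__":
    sources = {  # hypothetical channels, values constructed
        "website": "0123456789abcdef0123456789abcdef01234567",
        "mailing list archive": "0x0123456789ABCDEF0123456789ABCDEF01234567",
        "friend's copy": "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567",
        "mirror": "0123456789ABCDEF0123456789ABCDEF0123456F",
    }
    print(check_fingerprint(LOCAL, sources))
```
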