A short note about verifying PGP signatures when upgrading Tor
packages; I hope this is the right place for this. This is probably
well known, but I didn't find any mention on the documentation.
Neither sha1 sums, nor PGP signatures depend on the file
name of the file to be verified. This allows some kind of replay
attack: If I can get a user to download from my side, I could choose
an old version of the TBB with some known vulnerabilities and rename
the file and the PGP signature.
If I give these files to the user he will probably not notice:
~ > sha1sum tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz
tor-browser-some-other-version.tar.gz
d09b5e786d17f2a9db96ec66136ca6d403a48baf
tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz
d09b5e786d17f2a9db96ec66136ca6d403a48baf
tor-browser-some-other-version.tar.gz
and
~ > gpg --verify tor-browser-some-other-version.tar.gz{.asc,}
gpg: Signature made Wed 26 Jun 2013 11:32:11 PM CEST using RSA key ID
63FEE659
gpg: Good signature from "Erinn Clark <er...@torproject.org>"
gpg: aka "Erinn Clark <er...@debian.org>"
gpg: aka "Erinn Clark <er...@double-helix.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE
E659
~ >
After unpacking the TBB there is no indication of the TBB version in
the tor-browser_en-US/ directory. Also Videlia's 'About' icon only
gives the version numbers of Tor, Qt and Videlia The only good
indication of something being wrong is the time-stamp in the PGP
signature.
I think this should be mentioned somewhere in the documentation on
verifying signatures
(https://www.torproject.org/docs/verifying-signatures.html.en).
Best,
Frithjof
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
