I know what signatures and hashes are. I've just never needed to be so bothered with them for my activities. I studied Computer Science at degree level....
I was recently hacked and this is why I'm so concerned about my security. I'd rather over-kill than under-kill at the moment, because later on, I'd rather not have to worry about security. Given that the operating system is such a fundamental aspect of conducting computing activities, I hardly consider it painless *at all*, to compare ISO images. I have no idea where you get the idea that doing so is difficult? >From what you have elaborated concerning signatures, you just give further reason to have concerns over trusting signatures. With sufficient computing power, sufficient time, it just seems absolutely reasonable to be able to re-hack an OS image so that it produces the same signature but also contains a security vulnerability. Or am I not enough informed (which I admit might be the case)? By the way, I consider that I am being completely reasonable with my threat model, whilst also employing critical thinking. How hard is it to go to a large PC store, and pick at random one Linux distribution, to take home, to better ensure you have system integrity? As said above, the OS is very important, and it's not as though people tend to install their OS frequently. I don't know what you mean about picotech, but I'm guessing you're probably referring to hardware or devices happening on the picometre level? I haven't said anything about such threats..... but if they are reasonably plausible (which may be the case), then perhaps certain individuals should consider them. The diversification of work is oriented to all the different aspects of it... security work is just another kind of work that sometimes needs attention. If you can't do something securely, sometimes, you should just not do it at all, and perhaps do something else, something altogether different, etc. Thanks, Mark Fernandes On Thu, 5 Mar 2020 at 17:26, <[email protected]> wrote: > On Thu, Mar 05, 2020 at 03:56:55PM +0000, Mark Fernandes wrote: > > Well that's an idea. But still what if the software you are being 'fed' > is > > all tampered software, so that after replacing the computer, as soon as > you > > use software, you are compromised again? > > Purchasing a new computer can also be expensive, and still in any case, > you > > might find that any software pre-installed on it may have already been > > compromised. > > welcome to "supply chain security is hard". > please have a seat next to that person posting here in the last days > how he doesnt trust chips from china... > > the end result is still: > as long as you dont have a computer you trust, the whole rest > of this is pointless. > if you have a computer you trust, verifying a signature is a lot > more useful than variations of "i bought it in a shop while wearing > a fake beard, so it is certainly legit". > (which applies to the hardware too!) > > and the point of using different sources of info on the master key > is that an attacker who wants to fool you has to intercept every > single one of them. if he misses even one, the game is off. > and getting the master key fingerprint from many different > directions/sources seems a lot more realistic than doing the same > for an iso image... > > and you dont have to trust any one of these sources, but if you > add up enough of these untrusted sources, you can still trust > the end result as long as your threat model doesnt include every > single of the sources conspiring against you, or being compromised > by the same attacker... > > > > Eg. suppose you are a person like Edward Snowden, and that you are a > > targeted individual. Then such intensive manipulation is perhaps entirely > > plausible. > > i am reasonably sure you are not ed snowden. > (if you are: sorry. i assumed ed snowden to know what a hash and > signature are.) > > but here is another headache: > (warning: nerd-sniping and messing-with-tinfoilhats ahead) > > you are of course right that checking hashsums or signatures isnt > 100% safe. what if there are alien quantum computers involved. > > lets run numbers, the "basic math" kind: > the qubes 4.0.3 iso is 38646317056 bits in size. > the signature is against a 256 bit hash (over 1056 bits of intermediate > hashes plus some metadata). > > so there are about 2**38646316800 different iso images of the same size > that will match this signature. or 2**38646316000 to match the intermediate > hashes so you wouldnt have to bother faking the sigfile. > thats close enough to "infinitely many" for me to not actualy calculate it. > (hint: thats several times the estimated number of atoms in the universe) > > wait. who said the evil iso has to be the same size?! no one. > so, aeh, there are infinite amounts of infinite piles of iso > images that all match this signature! > > but probably even edward snowden is ok with a reasonably sized signature. > because else we might as well just toss this whole internet > and computer thing out the window. > > > (and do i double down now or wait for the likely next round to mention that > the qubes master key might be considered compromised because the qubes > team never planned for having a senior member leave the team... *coughs* ;) > > > please dont get me wrong, critical thinking is good, but its also > important to stay somewhat reasonable about your threat model, because > once you get stuck worrying about class 4+ picotech perversions, you > wont get much done anymore... > > > > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANJMFk8Tx7L4TWOMJs-dazDwZtVCYj4uEw0kZnpip0bPV-uu6g%40mail.gmail.com.
