-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

created a torrent for the suspect file which ive attached here called 
bad.tails-i386-1.1.iso.bad.torrent


- -------- Original Message --------
Subject: SHA256 differs for bittorent versus direct download of 
tails-i386-1.1.iso, help?
Date: Thu, 24 Jul 2014 03:01:55 -0400
From: Stephen Kauffman <[email protected]>
To: [email protected]

Here's what I got and double checked with a separate hash program

C:\Users\Steve\Downloads>gpg --print-md SHA256 tails-i386-1.1.iso
tails-i386-1.1.iso: 546E30C2 982DAF3B EB844785 3ED4F4E3 2105A5D8 E5038BC6
                    5E338DB9 620308CF

C:\Users\Steve\Downloads>gpg --print-md SHA256 
./tails-i386-1.1/tails-i386-1.1.iso
./tails-i386-1.1/tails-i386-1.1.iso: 20765809 188C1E26 30735023 311E6F46
                                     B563CCDD CCA85D81 4656036D 6AFCEE8F

The second is the bittorrent I downloaded from the link on your site, and the 
first is the direct download from https://tails.boum.org/

C:\Users\Steve\Downloads>gpg --verify tails-i386-1.1.iso.sig tails-i386-1.1.iso
gpg: Signature made 07/22/14 11:30:31 Eastern Daylight Time using RSA key ID 
BE2CD9C1
gpg: BAD signature from "Tails developers (signing key) <[email protected]>"

C:\Users\Steve\Downloads>gpg --verify tails-i386-1.1.iso.sig 
./tails-i386-1.1/tails-i386-1.1.iso
gpg: Signature made 07/22/14 11:30:31 Eastern Daylight Time using RSA key ID 
BE2CD9C1
gpg: Good signature from "Tails developers (signing key) <[email protected]>"
gpg:                 aka "T(A)ILS developers (signing key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1

Then I tried the direct download a second time and got

C:\Users\Steve\Downloads>gpg --verify tails-i386-1.1.iso.sig 
tails-i386-1.1(1).iso
gpg: Signature made 07/22/14 11:30:31 Eastern Daylight Time using RSA key ID 
BE2CD9C1
gpg: BAD signature from "Tails developers (signing key) <[email protected]>"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJT0MdrAAoJEK9s77ZqnhQRMe0IALu6733Ug26Ve86gZXUNd94X
zeKK5ec3Q34daxHy1UWey1b168aass0vZiNDYCLNILdBmeV/oEDZ9resNhG8YWFC
QPqo0QRdr2InKf7W8//bKPH+yi/zot9EFJYtQGDx9ICwvh4kObfxOWPmcVeewZXC
AyqEgH4pJaKZ1+1Nrmhns3oZGDiWbYrd+8po4VbBjlc4oU65w7uDnhNG7blFb/v3
KHd9RCuGkutk1wcN1KvP8EUw/VSVaG7LSrJJdT1/q9G3XRjiXQz4Gsc4GfAcqzoM
n75cKcYAvif0kBzuJxH97WWMmDN7VI2rWQXBJwsMHUuDGxN8dDTdceMLMRGneXc=
=DU0d
-----END PGP SIGNATURE-----

Attachment: bad.tails-i386-1.1.iso.bad.torrent
Description: application/bittorrent

_______________________________________________
tails-support mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-support
To unsubscribe from this list, send an empty email to 
[email protected].

Reply via email to