integrity of commercial CD set


integrity of commercial CD set

Enos D'Andrea
Hello,

Please how is one supposed to verify the integrity of an official
OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and received
by physical mail?

Those CD images (with multiple platforms on the same CD) do not seem to
be available for download. Their checksums (provided mine are not
corrupted) are not even indexed by major search engines.


Thanks,
Regards

--
Enos D'Andrea


Re: integrity of commercial CD set

Theo de Raadt
> Please how is one supposed to verify the integrity of an official
> OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and received
> by physical mail?
>
> Those CD images (with multiple platforms on the same CD) do not seem to
> be available for download. Their checksums (provided mine are not
> corrupted) are not even indexed by major search engines.

Each directory on the CD is signed using signify and the 5.6 keys
listed at http://www.openbsd.org/56.html

As a shortcut, you can compare the CD 5.6/amd64/SHA256.sig to
http://ftp.openbsd.org/pub/OpenBSD/5.6/amd64/SHA256.sig, but do
run signify to verify the other files.
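The procedure Theo describes, as an added example that is not part of the thread or of the OpenBSD project's own tooling: it runs signify -C in every directory of the mounted CD that carries a SHA256.sig, using the 5.6 release key, and then does his SHA256.sig cross-check against the mirror. The mount point /mnt/cdrom, the key path /etc/signify/openbsd-56-base.pub and the use of curl or OpenBSD ftp(1) for the download are assumptions, not values from the thread.

```sh
#!/bin/sh
# Added example, not code from the thread or from the OpenBSD project.
# Checks a mounted OpenBSD 5.6 CD the way Theo describes: every directory
# carrying a SHA256.sig is verified with signify and the 5.6 release key,
# then the CD's 5.6/amd64/SHA256.sig is compared with the mirror's copy.
# Assumptions (not from the thread): mount point $CD, key path $PUBKEY,
# and curl or OpenBSD ftp(1) for the download.
set -u

CD=${CD:-/mnt/cdrom}
PUBKEY=${PUBKEY:-/etc/signify/openbsd-56-base.pub}
MIRROR=${MIRROR:-http://ftp.openbsd.org/pub/OpenBSD/5.6}

# SHA-256 of a file: sha256(1) on OpenBSD, sha256sum elsewhere.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | cut -d' ' -f1; fi
}

# Hash recorded for file $2 in a SHA256 list ($1) whose lines read
# "SHA256 (name) = hex". Prints nothing when the file is not listed.
expected_hash() {
    awk -v name="$2" '$1 == "SHA256" && $2 == ("(" name ")") { print $4 }' "$1"
}

# Compare one file against a (signify-verified) list. Returns 0 on a match,
# 1 on a mismatch or when the list does not mention the file at all.
check_file() {
    want=$(expected_hash "$1" "$(basename "$2")")
    [ -n "$want" ] && [ "$want" = "$(sha256_of "$2")" ]
}

# signify -C checks the signature on SHA256.sig with the release key and
# then every file the list names; run it in each directory that has one.
verify_cd() {
    rc=0; n=0
    for sig in $(find "$1" -name SHA256.sig); do
        dir=$(dirname "$sig"); n=$((n + 1))
        if (cd "$dir" && signify -C -q -p "$2" -x SHA256.sig); then
            echo "OK   $dir"
        else
            echo "FAIL $dir"; rc=1
        fi
    done
    [ "$n" -gt 0 ] || { echo "no SHA256.sig found under $1"; return 1; }
    return $rc
}

# Theo's shortcut: the CD's amd64 SHA256.sig should be byte-identical to
# the mirror's. A quick cross-check only; verify_cd is the real test.
compare_with_mirror() {
    tmp=$(mktemp) || return 1
    if command -v curl >/dev/null 2>&1; then curl -sSfo "$tmp" "$MIRROR/amd64/SHA256.sig"
    else ftp -o "$tmp" "$MIRROR/amd64/SHA256.sig"; fi || { rm -f "$tmp"; return 1; }
    cmp -s "$tmp" "$CD/5.6/amd64/SHA256.sig"; rc=$?
    rm -f "$tmp"; return $rc
}

# Usage: CD=/mnt/cdrom PUBKEY=/path/to/openbsd-56-base.pub ./verify-cd.sh verify
if [ $# -gt 0 ] && [ "$1" = verify ]; then
    verify_cd "$CD" "$PUBKEY" && compare_with_mirror && echo "CD matches the 5.6 release"
fi
```

check_file is only useful after signify -C has already accepted the list; it lets you re-check a single file later without re-running the whole directory.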


Re: integrity of commercial CD set

Enos D'Andrea
In reply to this post by Enos D'Andrea
On 12/01/2015 20:34, Theo de Raadt wrote:

>> Please how is one supposed to verify the integrity of an official
>> OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and
>> received by physical mail? [...]
>
> Each directory on the CD is signed using signify and the 5.6 keys
> listed at http://www.openbsd.org/56.html [...]


Thanks, but I was hoping for a method that would also verify the CD boot
process, and that would not require downloading and installing a second
image or trusting the CD to verify itself.


On a side note, CD #2 (amd64, powerpc, song) includes more than 15Mb of
space not directly allocated in files (excluding the audio track):

# mount -o ro /dev/sr0 /mnt/cdrom
# df -B KB /dev/sr0
Filesystem     1kB-blocks     Used Available Use% Mounted on
/dev/sr0         630047kB 630047kB       0kB 100% /mnt/cdrom
# du -B KB -s /mnt/cdrom/
614111kB /mnt/cdrom/


For the record:

# sha256sum /dev/sr0 #CD1
a9958a206d7acb12a4b544f5df301261a92c4bec06b85c3964dd834ef622a22a

# cat /dev/sr0 > cd2.iso #CD2
cat: /dev/sr0: Input/output error
# du -b cd2.iso
630345728
# sha256sum cd2.iso
72f2201021168c9132bea3e6ebf1fe250b394528c3c766ace2556a614bc8dd7e

# sha256sum /dev/sr0 #CD3
466e4f4c0506711bcbb4bd31601f0fb16c154df2e52c4d9596c9fa91efeddee4


Regards

--
Enos D'Andrea


Re: integrity of commercial CD set

Mihai Popescu-3
In reply to this post by Enos D'Andrea
> Thanks, but I was hoping for a method that would also verify the CD boot
> process, and that would not require downloading and installing a second
> image or trusting the CD to verify itself.

Next time, it is better to ask what you hope for. You asked how to
check and you got the answer, then you moved to something else ...


Re: integrity of commercial CD set

Stefan Sperling-5
In reply to this post by Enos D'Andrea
On Wed, Jan 14, 2015 at 10:49:01AM +0100, Enos D'Andrea wrote:
> Thanks, but I was hoping for a method that would also verify the CD boot
> process, and that would not require downloading and installing a second
> image or trusting the CD to verify itself.

Bootstrapping trust is always going to be hard no matter what we do
and how hard we try. Since releases have been signed (since 5.4) people
have been asking for even more verification than they used to ask for.

This puzzles me. Before signify the answer to the trust problem was "buy a CD"
and most paranoid people went with that. Now the answer has become "buy a CD
and cross-check it with signify" and it's still not enough. What's next,
should we invite everyone to Theo's house to run a collective install fest
from his NFS server?

From the developer point of view it seems to be more a problem of managing
expectations rather than a technical one. :-/

Speaking of which: Are you sure you can trust the hardware you're booting
this CD on? Is it by chance a laptop that supports Intel vPro?
In this case it likely runs SOAP/TLS(OpenSSL)/Kerberos code in firmware
and the OS can't make any hard guarantees about the safety of your machine
anyway: https://software.intel.com/sites/default/files/71/eb/mngstages.jpg
In other words, if you really want to argue trust down to the very last
bit the discussion becomes pointless very quickly. It is never going
to be perfect.


Re: integrity of commercial CD set

Enos D'Andrea
On 14/01/2015 12:24, Stefan Sperling wrote:

> Bootstrapping trust is always going to be hard no matter what we do
> and how hard we try. [...] Now the answer has become "buy a CD
> and cross-check it with signify" and it's still not enough. [...]

<paranoia>

"Buying a CD" in my case includes a 5.000 mile trip through multiple
"five-eyes" nations, whose overzealous three letter agencies officially
intercept physical shipments to install backdoors and hardware implants.

"Cross-checking" of OpenBSD commercial CD sets at present can only be
partial, as no official full checksums seem to be provided. Even
cross-checking *all* files referenced by the ISO filesystem would still
allow a malicious boot sector to directly reference unallocated space.

Let's call a spade a spade: the worst-case scenario is an APT
intercepting the shipment of a commercial CD set, substituting one or more
CDs and repackaging it. Extremely unlikely for the average person,
not-so-much for IT security consultants with important clients.

</paranoia>


Regards

--
Enos D'Andrea


Re: integrity of commercial CD set

Theo de Raadt
In reply to this post by Enos D'Andrea
> >> Please how is one supposed to verify the integrity of an official
> >> OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and
> >> received by physical mail? [...]
> >
> > Each directory on the CD is signed using signify and the 5.6 keys
> > listed at http://www.openbsd.org/56.html [...]
>
>
> Thanks, but I was hoping for a method that would also verify the CD boot
> process, and that would not require downloading and installing a second
> image or trusting the CD to verify itself.

Don't see a nice way of doing what you want.

> On a side note, CD #2 (amd64, powerpc, song) includes more than 15Mb of
> space not directly allocated in files (excluding the audio track):

The ISO format that allows an audio track after a data track unfortunately
requires a pretty significant gap, and a pad after the audio.  I've lost
hair over this.  Really wish I had access to a CD expert who could help me
improve this.

So you've hashed the whole CDs.  There are very few people who will do this
as a verification method, so few that it feels unreasonable.


Re: integrity of commercial CD set

Martin Brandenburg
In reply to this post by Enos D'Andrea
"Enos D'Andrea" <[hidden email]> wrote:

> On 14/01/2015 12:24, Stefan Sperling wrote:
>
> > Bootstrapping trust is always going to be hard no matter what we do
> > and how hard we try. [...] Now the answer has become "buy a CD
> > and cross-check it with signify" and it's still not enough. [...]
>
> <paranoia>
>
> "Buying a CD" in my case includes a 5.000 mile trip through multiple
> "five-eyes" nations, whose overzealous three letter agencies officially
> intercept physical shipments to install backdoors and hardware implants.
>
> "Cross-checking" of OpenBSD commercial CD sets at present can only be
> partial, as no official full checksums seem to be provided. Even
> cross-checking *all* files referenced by the ISO filesystem would still
> allow a malicious boot sector to directly reference unallocated space.
>
> Let's call a spade a spade: the worst-case scenario is an APT
> intercepting the shipment of a commercial CD set, substituting one or more
> CDs and repackaging it. Extremely unlikely for the average person,
> not-so-much for IT security consultants with important clients.
>
> </paranoia>
>
>
> Regards
>
> --
> Enos D'Andrea

Where have you heard that? Intercepting physical mail secretly is really
hard, especially if you don't want the post office to know about it.
Think of everyone who would need to know. Anyone who doesn't know would
be trying to get the package correctly delivered. Best case you plant
somebody (multiple people; imagine if your plant was assigned to
something else on the critical day) in the destination post office.

It's extremely unlikely for anyone. Travel to Canada and receive it
there. Oh wait, Canada is really friendly with all the governments
you're scared of. Hopefully you don't live in one of these nations. Why
are you not scared of your own government? They pose the greatest threat
to your liberty.

And since this software is developed out of Canada, how do you know it
can be trusted to begin with? Why do you trust Theo exactly? He seems
like a nice guy, and he's done a very good job with OpenBSD, but you
don't know him. If he were a secret agent, that would be exactly what
he'd want you to think.

No, you trust Theo and OpenBSD because you have no better option. Don't
pretend you increase your security by proving the software came from a
source you can't prove is trustworthy.

You'd do better to audit the source.

Security is about pushing attacks out of your attackers' ability or
price range. If your attackers' ability and price range is greater than
what you're willing to expend on security, you're compromised. Are you
willing to go to the effort that defending against your outlined attack
requires? Probably not. Unless you're very very important, you eliminate
the possibility of distribution attack by getting signify keys of CDs.

-- Martin


Re: integrity of commercial CD set

Stefan Sperling-5
In reply to this post by Enos D'Andrea
On Wed, Jan 14, 2015 at 02:32:07PM +0100, Enos D'Andrea wrote:
> "Buying a CD" in my case includes a 5.000 mile trip through multiple
> "five-eyes" nations, whose overzealous three letter agencies officially
> intercept physical shipments to install backdoors and hardware implants.
                                                        ^^^^^^^^^^^^^^^^^
> "Cross-checking" of OpenBSD commercial CD sets at present can only be
> partial, as no official full checksums seem to be provided. Even
> cross-checking *all* files referenced by the ISO filesystem would still
> allow a malicious boot sector to directly reference unallocated space.

No need to worry. They won't need to mess with the CDs since your
hardware is already bugged ;)

> Let's call a spade a spade: the worst-case scenario is an APT
> intercepting the shipment of a commercial CD set, substituting one or more
> CDs and repackaging it. Extremely unlikely for the average person,
> not-so-much for IT security consultants with important clients.

I understand where you're coming from, but what you're getting at is
out of scope of this project. Questions which tickle someone into
writing code to fix a problem are always well received. But if your
problem is targeted surveillance, then sorry, we simply can't fix
that any better than anyone else can, and we certainly can't fix
it by adding more code to the CD verification process.

Your scenario presents a political problem, not a technical one.
If you believe that targeted surveillance won't work on you if you
run a "verified" install of OpenBSD, you're fooling yourself.


Re: integrity of commercial CD set

Christian Weisgerber
In reply to this post by Martin Brandenburg
On 2015-01-14, [hidden email] <[hidden email]> wrote:

>> "Buying a CD" in my case includes a 5.000 mile trip through multiple
>> "five-eyes" nations, whose overzealous three letter agencies officially
>> intercept physical shipments to install backdoors and hardware implants.
>
> Where have you heard that?

Part of the Snowden revelations.  Have you been living under a rock
for the past 18 months?

--
Christian "naddy" Weisgerber                          [hidden email]


Re: integrity of commercial CD set

Martin Brandenburg
Christian Weisgerber <[hidden email]> wrote:

> On 2015-01-14, [hidden email] <[hidden email]> wrote:
>
> >> "Buying a CD" in my case includes a 5.000 mile trip through multiple
> >> "five-eyes" nations, whose overzealous three letter agencies officially
> >> intercept physical shipments to install backdoors and hardware implants.
> >
> > Where have you heard that?
>
> Part of the Snowden revelations.  Have you been living under a rock
> for the past 18 months?
>
> --
> Christian "naddy" Weisgerber                          [hidden email]

They are not regularly intercepting CD shipments and replacing the CDs.
It would not be unusual for an intelligence agency to attempt to intercept
particular mails for particular people, but they can't do it at scale
secretly.

-- Martin


Re: integrity of commercial CD set

Theo de Raadt
In reply to this post by Enos D'Andrea
> > On 2015-01-14, [hidden email] <[hidden email]> wrote:
> >
> > >> "Buying a CD" in my case includes a 5.000 mile trip through multiple
> > >> "five-eyes" nations, whose overzealous three letter agencies officially
> > >> intercept physical shipments to install backdoors and hardware implants.
> > >
> > > Where have you heard that?
> >
> > Part of the Snowden revelations.  Have you been living under a rock
> > for the past 18 months?
> >
> > --
> > Christian "naddy" Weisgerber                          [hidden email]
>
> They are not regularly intercepting CD shipments and replacing the CDs.
> It would not be unusual for an intelligence agency to attempt to intercept
> particular mails for particular people, but they can't do it at scale
> secretly.

Finding them inside the global shipping system is easier than you
think, because the CD labels are printed using the radioactive paint
they gave us.


Re: integrity of commercial CD set

Jack Woehr-2
Theo de Raadt wrote:
> Finding them inside the global shipping system is easier than you
> think

One of the joys of growing old is watching the really bad sci fi you read as a youth all come true :)

--
Jack Woehr               # "There's too much emphasis on things
Box 51, Golden CO 80402  #  like pawn structure in modern chess.
http://www.softwoehr.com #  Checkmate ends the game." - N. Short


Re: integrity of commercial CD set

RichardET
In reply to this post by Theo de Raadt
I bought a can of this paint from a hardware store up in Lake Louise last
week.

On Wed, 14 Jan 2015, Theo de Raadt wrote:

>>> On 2015-01-14, [hidden email] <[hidden email]> wrote:
>>>
>>>>> "Buying a CD" in my case includes a 5.000 mile trip through multiple
>>>>> "five-eyes" nations, whose overzealous three letter agencies officially
>>>>> intercept physical shipments to install backdoors and hardware implants.
>>>>
>>>> Where have you heard that?
>>>
>>> Part of the Snowden revelations.  Have you been living under a rock
>>> for the past 18 months?
>>>
>>> --
>>> Christian "naddy" Weisgerber                          [hidden email]
>>
>> They are not regularly intercepting CD shipments and replacing the CDs.
>> It would not be unusual for an intelligence agency to attempt to intercept
>> particular mails for particular people, but they can't do it at scale
>> secretly.
>
> Finding them inside the global shipping system is easier than you
> think, because the CD labels are printed using the radioactive paint
> they gave us.


Re: integrity of commercial CD set

Theo de Raadt
In reply to this post by Enos D'Andrea
> I bought a can of this paint from a hardware store up in Lake Louise last
> week.

We already knew that.


Re: integrity of commercial CD set

Enos D'Andrea
In reply to this post by Martin Brandenburg
On 14/01/2015 17:03, [hidden email] wrote:
> [...] you trust Theo and OpenBSD because you have no better option.
> Don't pretend you increase your security by proving the software came
> from a source you can't prove is trustworthy. [...]

More than Theo himself, what makes me trust OpenBSD is its stable,
clean, open and essential code reviewed by a very skilled community.
That's why I go the extra mile(s) to ensure running *that* code.


<off-topic>

> Security is about pushing attacks out of your attackers' ability or
> price range. [...] Are you willing to go to the effort that defending
> against your outlined attack requires?

Being my current line of work, yes. Not that I or my clients have
anything malicious to hide, but some government agencies and vendors
seem to have lost touch with reality and/or ethics.

The discussion went off topic. I was just after signed CD checksums, to
raise the security of my physical delivery on par with that of the
source code. Never mind: I will make do with downloading an ISO, while
the kid within me enjoys the boxed CD set (which, save missing CD
checksums for paranoid security people, is very nice indeed).

</off-topic>


Many thanks to Theo and the others for your advice and opinions.

Regards

--
Enos D'Andrea


Re: integrity of commercial CD set

Milun Rajkovic
In reply to this post by Jack Woehr-2
Sometimes I wish mailing lists had a "like" button ;)

On Wed, Jan 14, 2015 at 6:30 PM, Jack Woehr <[hidden email]> wrote:

> Theo de Raadt wrote:
>
>> Finding them inside the global shipping system is easier than you
>> think
>>
>
> One of the joys of growing old is watching the really bad sci fi you read
> as a youth all come true :)
>
> --
> Jack Woehr               # "There's too much emphasis on things
> Box 51, Golden CO 80402  #  like pawn structure in modern chess.
> http://www.softwoehr.com #  Checkmate ends the game." - N. Short


Re: integrity of commercial CD set

Joel Rees-2
In reply to this post by Enos D'Andrea
On Thu, Jan 15, 2015 at 3:27 PM, Enos D'Andrea <[hidden email]> wrote:

> On 14/01/2015 17:03, [hidden email] wrote:
>> [...] you trust Theo and OpenBSD because you have no better option.
>> Don't pretend you increase your security by proving the software came
>> from a source you can't prove is trustworthy. [...]
>
> More than Theo himself, what makes me trust OpenBSD is its stable,
> clean, open and essential code reviewed by a very skilled community.
> That's why I go the extra mile(s) to ensure running *that* code.
>
>
> <off-topic>
>
>> Security is about pushing attacks out of your attackers' ability or
>> price range. [...] Are you willing to go to the effort that defending
>> against your outlined attack requires?
>
> Being my current line of work, yes. Not that I or my clients have
> anything malicious to hide, but some government agencies and vendors
> seem to have lost touch with reality and/or ethics.
>
> The discussion went off topic. I was just after signed CD checksums, to
> raise the security of my physical delivery on par with that of the
> source code.

I think the attitude of the team here is that they want us to take the
responsibility of (re-)bootstrapping our trust chains ourselves.

> Never mind: I will make do with downloading an ISO, while
> the kid within me enjoys the boxed CD set (which, save missing CD
> checksums for paranoid security people, is very nice indeed).

Actually, since you have the packages etc. on the CDs, you can save
yourself quite a bit of bandwidth, just downloading the net-install
ISO and checking the checksum the mirror advertises. (And comparing
the checksums found on five other randomly selected mirrors.)

With big-name Linux projects, the packages on your DVD are old by the time
you get them. Not so with OpenBSD.

Once you have the base system installed, signify checks things for
you. (Under the control of various scripts.)

> </off-topic>
>
>
> Many thanks to Theo and the others for your advice and opinions.
>
> Regards
>
> --
> Enos D'Andrea
>

--
Joel Rees

Be careful when you look at conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself, as well.