Cybersecurity

9128 readers

243 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Follow Up: PGP vs. HTTPS for Software Authenticity (lemmy.frozeninferno.xyz)

submitted 13 hours ago by BigHeadMode@lemmy.frozeninferno.xyz to c/cybersecurity@sh.itjust.works

2 comments fedilink hide all child comments

Follow up of https://lemmy.frozeninferno.xyz/post/60352426

A good use case to have: I want to ensure my OS is authentic. I want to run Ubuntu from the Ubuntu people, Qubes from the Qubes people, and so on. Once the OS is booted, it is assumed that native tools inside it can verify the authenticity of the software that is run. If this is not the case, leave a comment and I'll reply or make a new post.

Comment:

I don't think you understand how apt works. Anyone can roll out a mirror.

Also, again, the hashes need verification. Trusting the transport rather than a signature is obviously going to lead to compromise somewhere in the chain.

Look buddy, you do you. If you clearly already aren't using the signatures provided with hashes when you use hashes, so it's no bother to you. Apt, and I, will continue doing so.

So what is the threat here?

Trusting the transport rather than a signature is obviously going to lead to compromise somewhere in the chain.

This makes no sense to me. The transport = the HTTPS chain? If so, that's all encrypted. It's like saying that my bank password is going to be slurped off public wifi (when the site is HTTPS).

My "plan C" and "plan D" remain viable threats against the "hash, don't check signatures" strategy. Any OS worth hashing is worth signing, so plan D is the one to look at.

❌ plan D

good guy creates software.org
distributes legit software and public keys
bad guy compromises software.org at a later date
did not compromise the public key (created years prior by the true owner)
bad guy cannot distribute software that matches the public key
software is malware, served over valid https, and verifiable with malware hashes served by bad guy
hashes would "validate" the malware, but key verification would fail

What good is a PGP key?

Something I did not think about in my OP, but realize now after reading up on PGP - the good guy's PGP key would have to be available to me as an end user. There could(?) be two Ubuntu PGP keys fighting for authenticity. Such an attack would be very gutsy and obvious. But as someone new to this ecosystem, it seems you must first trust one party.

In the ideal case:

I physically verify someone's identity documents (passport, etc.)
I get their key
their key is connected via a short number of hops to the software I want. Let's say 4 hops to an Ubuntu developer.
now what?

The one person I verify could show me fake documents. Not very likely. But I feel like neither is compromising ubuntu.com ? Especially with nobody noticing? A lot of major software is mirrored on Github too. So PGP is better than hashing two files because? The examples here don't help.

I think the commenter assumed I was arguing that the OS should not do verification in apt or other tools. What the OS does is none of my business. I just want to defend against (or even better, understand) threats. If you can install a 100% authentic Ubuntu ISO and have apt install curl lead to a version of curl other than what the maintainers of curl and/or Ubuntu intend for you to install, I would hope I know that by now.

top 2 comments

sorted by: hot top controversial new old

[–] TauZero@mander.xyz 3 points 12 hours ago (1 children)

In practice, PGP signatures/keys usually work using the "trust on first use" model. The web-of-trust/physical verification of ID documents is a fun idea, but I've never met anyone who has used that method in the wild.

The difference between publishing hashes and signatures/keys vs. publishing hashes-only, is that you only need to trust the published keys the first time. They don't change from year to year. If one year someone hacks ubuntu.com and changes the image files and hashes AND uploads fake keys with signatures, you will notice that the signatures fail to match your saved keys and suspect something fishy.

This will not save you if this is your first time visiting ubuntu.com that happens to be the same day that it has been hacked, but it will protect everyone who has ever visited before and saved the keys. But if the releases were published with hashes-only, every year would be a new hash and a hack would easier slip through.

You can also try to verify the Ubuntu key out-of-band in places other than ubuntu.com, such as in blog posts, old forum/twitter/reddit posts, etc. In principle, hashes could be published on 3rd-party blog posts too, but again they change every year so not as interesting and you won't find them in as many random places as the pubkeys.

[–] BigHeadMode@lemmy.frozeninferno.xyz 2 points 56 minutes ago

Trust on first use makes a ton of sense. It would be nice if the PGP people explained that prominently.