file checksums

Martin Baxter mblivecode at harbourhosting.co.uk
Wed Apr 23 05:01:13 EDT 2014


On 23/04/14 01:38, Richard Gaskin wrote:
> I see a lot of sites that offer files to download also including an MD5
> value or other checksum, ostensibly so we can verify the integrity of
> the package before running it.
> 
> Sounds good, but if a hacker has sufficient control of a server to
> replace the package, would he not also be able to update the checksums
> displayed there to reflect those in his modified package?
> 
> I like the idea of providing checksums, but I'm having a hard time
> seeing the practical benefit.
> 
> What am I missing?
> 

Richard,

What you say is obviously true, there is no ultimate guarantee from
checksums.

The checksum is not useless though. It gives pretty good confidence that
the file didn't get altered in transit, whether by a network error, a
disk writing error, or by the intervention of a malicious actor as MITM
replacing the requested file with a doctored version of their own. It
may not provide ultimate trust but is better than no checks at all.

Some places sign their downloads with PGP, which in theory gives a
stronger guarantee of authenticity. However I think there are similar
issues with that. To verify it, you must install the public key of the
signer and assert (but on what basis?) that it is strongly trusted. Here
too, if the malicious actor can subvert both the download file and the
public key, the method fails. Most downloaders don't know anything about
the signer or have prior knowledge of his/her public key and may not see
anything amiss if they are somehow subverted.

It gets better I suppose once you have had a trusted key in your keyring
for a while and it has a good track record of vouching for software that
you have confidence in. However, if the key that you originally
installed and more or less blindly trusted was actually a fraud, then
you are in trouble.

Martin
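The three situations this reply distinguishes (corruption in transit, a compromised server that rewrites the published checksum, and a compromised server that also swaps the public key a downloader blindly trusts) can be replayed in a few lines. The following is an added example, not code from the thread or from LiveCode: it uses Go's standard library, SHA-256 in the `sha256sum`-style `SHA256SUMS` layout, and an Ed25519 key pair standing in for a PGP signing key. The package bytes, file names and keys are constructed for the demonstration.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// parseSums parses the "<hex sha256>  <filename>" lines written by sha256sum
// and used in most projects' SHA256SUMS files. Malformed lines are skipped.
func parseSums(text string) map[string]string {
	sums := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) != 2 || len(fields[0]) != sha256.Size*2 {
			continue
		}
		// sha256sum marks binary-mode entries with a leading '*'.
		sums[strings.TrimPrefix(fields[1], "*")] = strings.ToLower(fields[0])
	}
	return sums
}

// checksumOK reports whether data hashes to the digest published for name.
func checksumOK(sums map[string]string, name string, data []byte) bool {
	want, ok := sums[name]
	if !ok {
		return false
	}
	sum := sha256.Sum256(data)
	got := hex.EncodeToString(sum[:])
	return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1
}

// signedOK reports whether sig is a valid signature on data under pub.
// pub is whatever key the downloader decided to trust; that decision is
// the whole question in the thread.
func signedOK(pub ed25519.PublicKey, data, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, data, sig)
}

// Outcome records what each check reports in one scenario.
type Outcome struct {
	Checksum, Signature bool
}

// Scenarios replays the thread's three cases and returns what the checksum
// and the signature check say in each.
func Scenarios() (corrupted, serverOwned, keySwapped Outcome) {
	// Constructed sample: the publisher's real key pair, package and SHA256SUMS.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	pkg := []byte("installer v1 (constructed sample payload)")
	sumsText := fmt.Sprintf("%x  installer.bin\n", sha256.Sum256(pkg))
	sig := ed25519.Sign(priv, pkg)

	// Case 1: a bit flips in transit or on disk. Both checks fail.
	damaged := append([]byte(nil), pkg...)
	damaged[5] ^= 0x01
	corrupted = Outcome{checksumOK(parseSums(sumsText), "installer.bin", damaged), signedOK(pub, damaged, sig)}

	// Case 2: attacker controls the server and replaces both the package and
	// SHA256SUMS. The checksum passes. The signature fails as long as the
	// downloader verifies against a key pinned earlier, not one fetched now.
	evilPkg := []byte("trojaned installer (constructed)")
	evilSums := fmt.Sprintf("%x  installer.bin\n", sha256.Sum256(evilPkg))
	serverOwned = Outcome{checksumOK(parseSums(evilSums), "installer.bin", evilPkg), signedOK(pub, evilPkg, sig)}

	// Case 3: attacker also swaps the public key published on the site, and
	// the downloader imports that key fresh and trusts it. Both checks pass.
	evilPub, evilPriv, _ := ed25519.GenerateKey(rand.Reader)
	evilSig := ed25519.Sign(evilPriv, evilPkg)
	keySwapped = Outcome{checksumOK(parseSums(evilSums), "installer.bin", evilPkg), signedOK(evilPub, evilPkg, evilSig)}
	return
}

func main() {
	c, s, k := Scenarios()
	fmt.Printf("corrupted in transit:                %+v\n", c)
	fmt.Printf("server owned, key pinned earlier:    %+v\n", s)
	fmt.Printf("server owned, key fetched from site: %+v\n", k)
}
```

The only scenario the signature separates from the checksum is the second one, and only because `pub` came from somewhere other than the compromised server; once the key is obtained from the same place as the package, case 3 shows the two checks collapse into the same guarantee.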
