Thread

  1. Re: [OT] GnuPG / PGP signed MD5 checksums

    wsheldah@lexmark.com — 2003-01-06T16:03:40Z

    I just started using GPG about a month ago, and am still trying to figure
    out how to establish trust in cases where it's not practical to verify a
    person's identity in person. In this case, how do I know that the message
    is signed by the real Greg Mullane, and not by some cracker who made up his
    own GPG key with Greg's name attached to it and forged an email signed by
    this fake key? And who also replaced one or two of the source files with a
    trojaned version, and is publishing the md5's for the trojaned version via
    this email? Having the fingerprint in the same email message doesn't help
    that much; perhaps if the signer's fingerprint were on another server,
    independent of the one holding the files to download? That would at least
    require an attacker to compromise two separate servers to fool people
    taking the time to verify.
    
    I don't have any reason to suspect that there's any actual attack
    underfoot. Just trying to figure out the right way to use GPG encryption to
    tell when there is one. I do think that GPG or similar cryptographic
    verification should be used more widely than it is, for security and peace
    of mind.
    
    Wes Sheldahl
    
    
    
    
    "Greg Sabino Mullane" <greg@turnstep.com>@postgresql.org on 01/06/2003
    10:25:47 AM
    
    Sent by:    pgsql-general-owner@postgresql.org
    
    
    To:    pgsql-general@postgresql.org, pgsql-announce@postgresql.org
    cc:
    Subject:    [GENERAL] GnuPG / PGP signed MD5 checksums for PostgreSQL
           7.3.1, 7.3, and 7.2.3
    
    
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    
    This message contains a cryptographic verification of the source
    code (and some rpms) for PostgreSQL. This does not guarantee that
    the content of the code, but does guarantee that I calculated the
    checksums of the files at a certain point in time. (see date at
    the bottom). The MD5s should match the ones on the mirrors, with
    the exception of the rpms, which do not come with external checksums.
    
    Instead of signing each file with GnuPG, I have signed this
    message, which contains the MD5 checksums for each file in
    the 7.3.1, 7.3, and 7.2.3 branches. The checksums are in a normal
    md5sum format, so you should be able to run md5sum -c against
    this message.
    
    See the man page for the program "md5sum" to learn how to create
    and verify the checksums, and visit
    http://www.gnupg.org
    for more information about how to use GnuPG and how to verify
    this (and other) messages using PGP.
    
    
    MD5 checksums for PostgreSQL version 7.3.1 source code:
    
    924b21c3114f595834e2456277f1bffb  postgresql-7.3.1.tar.gz
    d31f4be7ada55e4914d1a9134e4441c7  postgresql-base-7.3.1.tar.gz
    42384cb2ded505243878231acb779bd6  postgresql-docs-7.3.1.tar.gz
    65e3db9df55b71b504a2f385da231de8  postgresql-opt-7.3.1.tar.gz
    8f231ca3470f3be6b33e1def77dcf7fc  postgresql-test-7.3.1.tar.gz
    
    ( more md5sum's snipped )
    
    Greg Sabino Mullane  greg@turnstep.com
    Key fingerprint = 2529 DF6A B8F7 9407 E944  45B4 BC9B 9067 1496 4AC8
    PGP Key: 0x14964AC8 200211301125
    EICS-H: -D 0e26986990b888fa7b70a291412f974c32b974a0
    
    -----BEGIN PGP SIGNATURE-----
    Comment: http://www.turnstep.com/pgp.html
    
    iD8DBQE+GaGrvJuQZxSWSsgRAkG9AJwLTxwkeXsMfg0zeORTEIv/Z35oxQCglvaT
    nWugu1qT+uvxuJBZT+5fQ8Q=
    =8HF6
    -----END PGP SIGNATURE-----
    
    
    
    ---------------------------(end of broadcast)---------------------------
    TIP 6: Have you searched our list archives?
    
    http://archives.postgresql.org
    
    
    
    
    
    
  2. Re: [OT] GnuPG / PGP signed MD5 checksums

    Greg Sabino Mullane <greg@turnstep.com> — 2003-01-06T18:29:18Z

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    
    > I just started using GPG about a month ago, and am still trying 
    > to figure out how to establish trust in cases where it's not 
    > practical to verify a person's identity in person. In this case, 
    > how do I know that the message is signed by the real Greg Mullane, 
    > and not by some cracker who made up his own GPG key with Greg's 
    > name attached to it and forged an email signed by this fake key? 
    > And who also replaced one or two of the source files with a 
    > trojaned version, and is publishing the md5's for the trojaned 
    > version via this email?
    
    There are a few overlapping issues here, but the first thing you need 
    to do is understand the GnuPG model of trust. In this model, there 
    is no central authority (and thus no single point of failure). 
    Instead, people verify each other's keys, creating a "web of trust" 
    that you can use to trace a path from one key to another. My key 
    is fairly well integrated into the web of trust, so most people 
    should be able to find a path to it. You do not therefore need to 
    verify my identity "in person."
    
    You can also check for a forged email by looking at the headers: 
    my mail will almost always come from biglumber.com, which also has 
    my key in the whois record. If you ever see an email from me, 
    regardless of where it originated, that is not signed with GnuPG, 
    it is probably a forgery.
    
    The problem of a trojan file is one of the main reasons I am 
    providing signed checksums. It verifies that at a certain point in 
    time, the files had a certain checksum. As time goes on, these 
    checksums become more valuable due to the fact that a trojaned 
    version is more likely to be discovered the longer it exists. 
    Also, more time gives people a chance to verify my checksums 
    themselves: if I had made a mistake, hopefully it will be noticed.
    
    Remember that all my message says is that at a certain point in time, 
    the files had a certain checksum. I cannot verify that there is 
    not bad code inside them, as I have not checked the source code of 
    each one. I am fairly confident that a trojaned version would have 
    been noticed by now, especially on the pre-7.3.1 versions.
    
    My signed checksums do prevent an attack in which someone breaks 
    into the postgresql server and installs a trojaned version of the 
    source code. This person also create and installs a MD5 for the 
    trojaned version and put that on the web site as well. The mirrors 
    faithfully pick up the new versions, until nothing but a trojan 
    exists, with a correct MD5 file alongside it. This is why many 
    sites have a signed version of their software: a MD5 can be easily 
    created, while a PGP sig cannot. In the future, I would like to 
    see pgp-verification files instead of the MD5s on the download page.
    
    
    > Having the fingerprint in the same email message doesn't help
    > that much; perhaps if the signer's fingerprint were on another server,
    > independent of the one holding the files to download? That would at 
    > least require an attacker to compromise two separate servers to fool 
    > people taking the time to verify.
    
    The fingerprint is provided to help people find my key and to verify 
    that they have the correct key once they have downloaded it. As far as 
    "other servers", you can check the postgresql mailing list archives and 
    see that I have been signing emails with this key (including patches) 
    for a long time. You can also search for my key on Google and find many 
    sightings. Checking the key in multiple places is always a wise idea, 
    and Google's cache is an excellent verification.
    
    
    Some links that explain some of the above concepts better than I have:
    
    An Introduction to GNU Privacy Guard (a well-written article):
    http://www.desktoplinux.com/articles/AT3341468184.html
    
    The GnuPG FAQ (a good (but terse) overview):
    http://www.gnupg.org/(en)/documentation/faqs.html
    
    Site to coordinate key signings to expand the web of trust:
    http://www.biglumber.com/index.html
    
    Explanation of the web of trust:
    http://www.rubin.ch/pgp/weboftrust.en.html
    
    
    Greg Sabino Mullane greg@turnstep.com
    PGP Key: 0x14964AC8 200301061321
    
    -----BEGIN PGP SIGNATURE-----
    Comment: http://www.turnstep.com/pgp.html
    
    iD8DBQE+Gc0cvJuQZxSWSsgRAtFRAKCVeswGkXHvyGVc+6SkmEdU7u018ACgjpZZ
    GZUrHFsgT0sETG0xpfIMLNE=
    =3IiD
    -----END PGP SIGNATURE-----