Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.
Created: 20 December 2006 by newz
Packages affected: ubuntu-website
Simple and cryptographically secure process for validating ISO downloads.
The current methods are fundamentally flawed. People have the Hobson's choice of getting md5 sums from either non-secure mirrors, such as ftp://mirror.d-jacobs.com/ubuntu/edgy/MD5SUMS, or a secure Ubuntu page that can be freely modified (UbuntuHashes). Once they have the hash and the ISO, they can verify it, but probably won't. This is because most users don't know how, and fail to understand how critical it could be. Our documentation, now at HowToMD5SUM, only provides a thorough graphical option for one operating system.
- Stephanie has just heard of Ubuntu from a good friend, and is eager to try it out as soon as possible. She goes to Ubuntu.com, clicks Desktop, then "CD Image for desktop and laptop PCs", then "Ubuntu 6.10, the newest Ubuntu release". She then clicks a mirror link, and lets the ISO download. She burns it with her friend's help, never worrying about the insecure file.
Mark is an experienced GNU/Linux user. He is annoyed that Ubuntu has no true secure channel for MD5 sums. He also recalls that MD5 has been found to be cryptographically weak, and wishes he had another option. He downloads the ISO file and uses a commandline utility to verify against the MD5 hashes at UbuntuHashes, after checking the history. He has to manually copy the MD5 sum , since there are no secure MD5 files.
ISO files for Ubuntu distributions.
- Secure The solution should rely on strong algorithms, and not have major structural weaknesses that render the cryptography irrelevant.
- Simple It should be simple enough (or at least there should be a simple option) that inexperienced users will still use it.
- Open All software should be libre/open source and the design should not rely on security through obscurity.
Python includes a hashlib module which makes checking hashes easily. Additionally, it is a piece of cake to grab a file from a website. The hash could be stored on www.ubuntu.com which has more strict editing controls than any of the other websites, or it could be stored on launchpad.net.
- simply validate the iso file, or
assist with the iso download, possibly using the "chunked" download method that allows files to be resumed if the connection is interrupted, or
- same as previous, but the iso file could be distributed in sections of aprox 65MB (edgy-i386.iso.01 - 10), each having a hash and if a segment is corrupted, only that portion of the file is re-downloaded.
I suggest starting with option #1 and adding additional features if the program warrants it.
The problem is that there is no easy way to use the gpg signatures (that I know of) in python. Maybe if we stored the hash on an SSL based server and checked the ssl key signature we could get the same level of assurance as reading the gpg signature of the hash list.
The program should definitely be GUI, but a simple gui using tk would work and it would likely be very compatible with freeze/py2exe.
Data preservation and migration