## How to verify that downloaded files such as Ubuntu, BitcoinQT, Armory, and Electrum have not been tampered with?

4

1

When creating a secure offline wallet, the first step is to download some software or OS (such as Ubunutu) to create the wallet.

Some downloads have a SHA of the file on the download page. But a hacker could change the SHA on the download page. So how do you know that the file is not tainted and the SHA is the correct SHA of the tainted file?

For example, the download page for Armory has installer files and SHA's for some of the files.

How would you verify that the download of Ubuntu is not tainted?

https://help.ubuntu.com/community/UbuntuHashes – ripazha – 2013-11-16T12:32:04.037

Comment since it's not answering your question: an alternative would be to throw 99 6-sided dies (or a dice 99 times) and use that as your private key in http://www.bitaddress.org Guaranteed physical randomness and tamper proof!

– kaoD – 2014-01-15T10:40:54.750

1

It all depends on the security mechanisms of your operating system. On Ubuntu, packages are signed, and the installer checks the signature. So, a man in the middle, or a rogue mirror site could not have modified the copy of Electrum that I installed.

The safety of your bitcoins on your machine does not depend only on your bitcoin applications. If the operating system itself is compromised, it can steal your bitcoins (using a keylogger to find the possible passwords) so pay attention to use a safe operating system, with security updates and so on.

1

(I can't comment on the other answers yet because I don't have 50 rep but it's totally wrong to believe that a MITM can't change what are on URLs protected by HTTPS you think you're seeing... A MITM could be anywhere in the middle, including between your online computer and your browser, making you believe the website you see is the correct one and making you believe the HTTPS signature is legit. Such kind of attacks, made possible by rootkits, are precisely one of the reason people do use fully offline computers and Live CD/DVD to create cold storage wallets)

For Linux the first thing is to d/l an .iso that you're going to burn and then, once burned, verify your .iso by checking the entire DVD from an offline computer.

What follows may look paranoid but it really isn't: it's just good security practices and only takes a few moments to do correctly...

Do not just verify the SHA1 of your .iso after you've downloaded it: it may be backdoored between the moment you've finished downloading it / checksuming it and during burning. Or the computer you're using to verify the SHA1 / burn it may be compromised and hence giving you back fake values.

Ideally you'd:

• write down the exact filesize of the file (gonna be needed later on), in this case: 925 892 608 bytes
• burn your .iso to a DVD

Now do not make the mistake of using the self-verification procedure of your DVD once you boot it up. If it's backdoored, it's gonna tell you everything is fine.

Find the official SHA1 sums for the .iso file you've downloaded. These ones may be compromised too so you may want to call someone from your family or a friend on the phone and ask them to go to the URL containing the hashes or you may want to go to a public computer or a computer at work: anywhere not the same place you d/l'ed the DVD from.

Now from an offline computer (but not while booting from the DVD you just burned), do this to verify your DVD:

</dev/sr0 head -c "925892608" | sha1sum


You cannot just "cat /dev/sr0 | sha1sum" : won't work due to the last block which has a fixed-size on DVDs. You must enter the exact number of bytes.

This takes some time (30 seconds or so, depending on your hardware).

Notice the leading "<" in that command.

Check that your SHA1 is matching.

If it's matching, then it is very very highly probable that you have the official release. This is not a proof that the official release itself is not backdoored or that your CPU's rdrand function is not hardware-backdoored, but it's a good start.

So that's how I do it to verify my Linux Live DVD. Simply looking at the URL with the SHA1 hashes is not enough. If you're facing a MITM then your DVD is gonna be backdoored and the SHA1 hashes are gonna be forged too.

Which is why you use another channel to write down the SHA1: you either write it earlier/later in the day/week when you're at an entirely different place, using a different computer... Or you call someone far from your place and ask him to check the SHA1.

If you happen to trust the .gpg keys of Ubuntu you may use these to verify the hashes but if you're facing a MITM the attacker may be feeding you fake .gpg keys too.

0

Probably, better to create a bitcoin address with vanytigen.

You can simply clone repository, make a tar ball, thereafter move the source to your off-line station and compile vanitygen here. You can generate any amount of addresses off-line and send bitcoin to this addresses( called, "cold-wallet" ).

As you notice, "hacker could change the SHA", it is man-in-the-middle attack. Most of secure-focused projects have gpg public key on the home page. You can verify .sig files, look e.g. at the tails download page. Anyway, man-in-the-middle can change this public key, if you have no it, yet.

That is why, you should get access to verified provider or use Tor with https sites to download this keys beforehand. The same way you should verify SHA256SUMs at the sites where are no gpg public keys.

You should remember that any site might be defaced, SHA would be replaced with malicious and any soft might be infected. It will not be a man-in-the-middle attack anymore, but if you have a public key of author, you can detect this infection as pioneer. Additionally, if you will use source code, you could help community with forensic and gain sort of security.