Re: Fwd: Fwd: question regarding verification of a debian installation iso

To: debian-security@lists.debian.org
Cc: Ben Pfaff <blp@cs.stanford.edu>
Subject: Re: Fwd: Fwd: question regarding verification of a debian installation iso
From: Robert Tomsick <robert@tomsick.net>
Date: Mon, 03 Jan 2011 11:28:37 -0500
Message-id: <[🔎] 1294072117.2224.20.camel@kestrel>
In-reply-to: <[🔎] 877hem0xki.fsf@benpfaff.org>
References: <[🔎] AANLkTinAq9XQe5YGwZYS-_fqKK2+cH0Tg87xkkufFst=@mail.gmail.com> <[🔎] 1294000789.8582.97.camel@sorbet.thuis.net> <AANLkTi=LrcBr3HY+hP07Uke_7crs1G_xJYP20H6afpVQ@mail.gmail.com> <[🔎] AANLkTi=m3f52RLswOOWBgjLQUc7JwDm-aY+ejRk3gBn9@mail.gmail.com> <4D20F8B7.4060909@fastmail.fm> <AANLkTim+5r7ArchTvvNg9jcntwXh=UMTG3F2H7d6nLzr@mail.gmail.com> <[🔎] AANLkTi=7czvNzF_a8E2ibw=9TXw_O+gj5neFoFkMyGiy@mail.gmail.com> <[🔎] 20110103013453.GA21471@roeckx.be> <[🔎] AANLkTi=x+48QL66P+GdcGNOhNx4=k4=NTuHzk5x8OK7w@mail.gmail.com> <[🔎] 20110103085520.16886b3z7vat4oow@mail.kalinowski.com.br> <[🔎] 877hem0xki.fsf@benpfaff.org>

On Mon, 2011-01-03 at 08:19 -0800, Ben Pfaff wrote:
> Eduardo M KALINOWSKI <eduardo@kalinowski.com.br> writes:
> 
> > How much do you trust your USB drive? It could have a malicious
> > controller that detects when the correct Fedora files are written to
> > it, and replaces with hacked copies. And when you try to verify the
> > copy, it detects this and returns the SHA1 (or any other checksum) of
> > the original files.
> 
> How would the USB drive tell whether you were reading the file to
> verify its checksum or to use its contents?

Because you forgot to make sure that the tin foil fit tightly. ;)

Reply to:

References:
- question regarding verification of a debian installation iso
  - From: Naja Melan <najamelan@gmail.com>
- Re: question regarding verification of a debian installation iso
  - From: Arthur de Jong <adejong@debian.org>
- Fwd: question regarding verification of a debian installation iso
  - From: Naja Melan <najamelan@gmail.com>
- Fwd: Fwd: question regarding verification of a debian installation iso
  - From: Naja Melan <najamelan@gmail.com>
- Re: Fwd: Fwd: question regarding verification of a debian installation iso
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: Fwd: Fwd: question regarding verification of a debian installation iso
  - From: Naja Melan <najamelan@gmail.com>
- Re: Fwd: Fwd: question regarding verification of a debian installation iso
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
- Re: Fwd: Fwd: question regarding verification of a debian installation iso
  - From: Ben Pfaff <blp@cs.stanford.edu>

Prev by Date: Re: Fwd: Fwd: question regarding verification of a debian installation iso
Next by Date: Re: Fwd: Fwd: question regarding verification of a debian installation iso
Previous by thread: Re: Fwd: Fwd: question regarding verification of a debian installation iso
Next by thread: Re: Fwd: Fwd: question regarding verification of a debian installation iso
Index(es):
- Date
- Thread