after this and this discussion I decided to write a proposal for an improvement of http://debian.org/CD/faq/#verify
The main issues with the current text are that it gives a false notion of security by not stating the limitations of the presented procedure, as well as proposing use of md5 which is broken and should no longer be used for security purposes. Further I have tried to make the instructions more accessible for less knowledgeable users and made different proposals for software that allows checking hashes on windows and mac.
Could you please review this and implement it on the website.
Thanks in advance,
How can I verify that the downloaded
CD images are correct?
Errors can occur during the download of the CD images. This can happen accidentally (corruption), or a malicious attacker could try to serve you an altered version of the Debian OS. Because of this it is important you verify that the downloaded files are correct. To verify your iso file, several steps are needed.
If you only care about accidental corruption, note that torrent clients and jigdo automatically check for data corruption. Otherwise follow the steps below:
1. You have to calculate a numerical value that is unique for a specific file and that will be different as soon as the file is altered even slightly. This is done by means of a cryptographic hash function and allows for the value on the server to be compared with the value that you calculate at home. If both values are the same, then both files are guaranteed to be the same.
a. on Linux systems:
use the sha256sum utility to calculate the hash value of the file you downloaded
b. on Windows/Mac:
You will need to download some software to calculate hashes. The easiest one is hashTab. If this does not work for you, there are many alternatives like DivHasher (windows only).
2. Download SHA256SUMS and SHA256SUMS.sign which should be available in the same directory from which you downloaded the iso. Compare the value you get from step 1 with the value in the file SHA256SUMS.
By now we can be confident that the file did not accidentally become corrupt during transfer.
3. Could a malicious attacker that feeds me an altered iso image not also feed me an altered SHA256SUMS file? Yes, they could! Http is very easy to intercept. This is where SHA256SUMS.sign comes in. This file is the pgp signature of the SHA256SUMS file. It is signed with the Debian CD signing key which can be obtained from hkp://keyring.debian.org/. The transport from the keyserver is not secured, and the only way to verify you have not been fed a bogus key is through the web of trust if you are connected to enough people to make a path to the Debian CD signing key.
What should I do if I am not connected through the web of trust?
There is no easy answer to this. We currently provide no other means of secured transport of our pgp key or the checksum file. The only possibility is to try to download the checksum file through different paths. If you risk being the target of an attack, you might go to a libray or cybercafe and download the checksum file there. If you want to skip a bigger part of the path you might call a friend in a foreign country and ask them to download the checksum file and read the hash to you so you can compare it to the one you have at home.