Failed to verify hashes for Qubes-R4.1.1-x86_64.iso downloaded by torrent

Hi,

I don’t know if I must report a security issue. I downloaded the torrent file from the download page for the 4.1.1 version. I downloaded the iso (and share…) but when I tried to verify the iso, it failed.

The DIGESTS file is signed correctly.

gpg2 -v --verify Qubes-R4.1.1-x86_64.iso.DIGESTS
gpg: armor header: Hash: SHA256
gpg: original file name=''
gpg: Signature made Fri 15 Jul 2022 05:50:34 CEST
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: using pgp trust model
gpg: Good signature from "Qubes OS Release 4 Signing Key" [ultimate]
gpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096

Test with sha256sum failed

sha256sum -c Qubes-R4.1.1-x86_64.iso.DIGESTS
Qubes-R4.1.1-x86_64.iso: FAILED
sha256sum: WARNING: 20 lines are improperly formatted

Testing with openssl gives me a wrong hash

openssl dgst -sha512 Qubes-R4.1.1-x86_64.iso
SHA2-512(Qubes-R4.1.1-x86_64.iso)= ea0d45bc727b790ec0ccc0610dbdb3b8ff93dfd2238acf4cba49e037e894e2e174873151bdcf206b587ebba1f23b1d4a6dfb133f03149001e20a713e0171dd1c

DIGESTS file content

cat Qubes-R4.1.1-x86_64.iso.DIGESTS 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


a9799a71fccfc17773b4f99be7d1f126 *Qubes-R4.1.1-x86_64.iso
19eb660f59b25d0af9b4f369ce3a734a7237f461 *Qubes-R4.1.1-x86_64.iso
0e68dd3347b68618d9e5f3ddb580bf7ecdd2166747630859b3582803f1ca8801 *Qubes-R4.1.1-x86_64.iso
ded744ce0c22a3cf030fee991651446c139127dcd8c67f3a783160a328d5999f1bdc556fa0dd791ebb5d2780d2dcfc1a4bbde184db290cbde568a99c95024722 *Qubes-R4.1.1-x86_64.iso
-----BEGIN PGP SIGNATURE-----
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=huaM
-----END PGP SIGNATURE-----

I removed all files and downloaded the DIGESTS and iso over https from the download page

gpg2 -v --verify Qubes-R4.1.1-x86_64.iso.DIGESTS
gpg: armor header: Hash: SHA256
gpg: original file name=''
gpg: Signature made Fri 15 Jul 2022 05:50:34 CEST
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: using pgp trust model
gpg: Good signature from "Qubes OS Release 4 Signing Key" [ultimate]
gpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096

sha512sum is successful

sha512sum -c Qubes-R4.1.1-x86_64.iso.DIGESTS
Qubes-R4.1.1-x86_64.iso: OK
sha512sum: WARNING: 20 lines are improperly formatted

Hope it helps.

Are you 100% sure the torrent completed?

I will not say that I am 100% sure, but I did verify to be 99.99% sure :slightly_smiling_face:
It was the first thing I suspected, and I still doubt the issue isn’t coming from the Transmission software. It notified that the download was finished, and the size of the iso was around 5.4 GB on disk. That’s the part of the doubt: the real size the iso must have.

Did you check the file size of the torrented iso and compare it to the downloaded iso from the website? If the file sizes are the same, but one has a good hash and one has a bad hash, you likely downloaded a tampered qubes iso, and if so the developers would probably be interested in seeing it for research purposes.

Is it possible that your command is pulling the first sha256 hash available and that there are multiple sha256 hashes that differ depending on whether it is a download from the website or a torrent iso?

I’ve never heard of a sha512 being correct and a sha256 not being correct for the same file. I think it would be mathematically impossible absent some sort of error in the hash listings or user error. (edit: @chrisa is likely right, it would be mathematically so unlikely that it’s asymptotic to a probability of zero, but not in fact zero.)


I’m pretty sure it’s possible to have 2 different inputs to sha512 give the same checksum (a collision) - but it would be unlikely to happen … and in that case, sha256 would be the “whistleblower” to say “Look! - they look the same to sha512, but they are not the same!”

:wink:


I had to remove the torrented iso to download the iso over https because of disk space. I did du -sh for the size of the torrented iso; it would have been better if I had just done du and compared the sizes.

Unfortunately, it was afterwards that I thought it would be a good idea to keep both isos for forensics. But first I focused on downloading the good file.

To clarify my initial message: for the torrented iso, sha256sum was wrong, and I tried to get the sha512 with openssl and compare the value with the one in the DIGESTS file. So both were wrong. The good sha512sum was the one for the iso downloaded over https.

Does Qubes have different SHA values for torrent downloaded isos and for non-torrented downloaded isos?

If they are not different, there’s likely a malicious actor seeding multiple instances of an infected qubes iso.

For the same release? I don’t believe so.

So that means someone is sharing fake/corrupt/infected qubes isos via torrent? Unless @liochan is making a mistake, but it doesn’t seem like liochan is.

If this is true, people should be aware of it because people sometimes forget to check hashes, even though it’s a terrible thing to forget to do.

I believe torrents are automatically “checksummed” to some extent (maybe it’s cryptographically weak hashes :thinking: ?). So that would potentially be a problem with the magnet link or the .torrent file.

Thank you @crkorg, but it is possible I did something wrong.

I retried downloading the torrent, and this time the hashes are good. So 2 options:

  1. I made a mistake
  2. Someone is tampering with the torrent

I bet on the first one :slight_smile: Because even if I think it is possible to tamper with a file, based on my basic knowledge of torrents, it would be hard and lucky to provide all chunks to a target.

Next time I will verify in a better way to remove the doubt of a mistake.

Thank you! I will definitely take this hypothesis as the right one, as it discards that I made a mistake :innocent:

Should I close this topic?

No need. Just mark the post that solved the issue as the solution. You do this by clicking on the three dots under the post and then select “solution”

Thank you @deeplow.

So, as a solution: if you have checked the signature of the DIGESTS file and the checksum has failed for your iso, run the command du file.iso.

You will be able to compare the file size with a correct iso. You might download this iso through another channel or ask members on this forum.
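A stronger check than comparing sizes with du is to compare every digest the signed DIGESTS file lists, not just the one sha256sum happens to understand. The following is an added example, not code from the Qubes project or from anyone in this thread. It shows why sha256sum -c and sha512sum -c each warn about "improperly formatted" lines: the file carries one line per algorithm (MD5, SHA-1, SHA-256, SHA-512) inside PGP clear-sign armor, and each tool recognises only the line whose digest length matches. The script first checks the signature with gpg (assumes gpg and the Qubes release signing key are installed), then parses the file, picks each line's algorithm by its hex length, hashes the ISO once, and reports per-algorithm results. The sample DIGESTS text, the file name sample.iso and the three-byte content are constructed for the demo; the digests in it are the standard test-vector values for "abc".

```python
"""Verify an ISO against a clear-signed, multi-algorithm .DIGESTS file.

Added example (not Qubes project code). A Qubes-style DIGESTS file lists
"<hex> *<filename>" once per algorithm, wrapped in PGP clear-sign armor;
sha256sum -c only understands the 64-character line and flags the rest.
"""
import hashlib
import os
import re
import subprocess
import tempfile

# Digest length in hex characters -> hashlib algorithm name.
ALGOS_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

# "<lowercase hex>  *<filename>"; the optional '*' is sha*sum's binary-mode marker.
DIGEST_LINE = re.compile(r"^([0-9a-f]+)\s+\*?(\S.*)$")


def signature_verified(digests_path):
    """Step 1: the signature must be good before the digests mean anything.
    Assumes gpg is installed and the release signing key is in the keyring."""
    result = subprocess.run(["gpg", "--verify", digests_path],
                            capture_output=True, text=True)
    return result.returncode == 0


def parse_digests(text):
    """Return {filename: {algo: hexdigest}} from clear-signed DIGESTS text.
    Armor headers, 'Hash: SHA256', blank lines and the base64 signature body
    never match DIGEST_LINE, so they are skipped rather than reported."""
    expected = {}
    for line in text.splitlines():
        m = DIGEST_LINE.match(line.strip())
        if not m:
            continue
        hexdigest, name = m.group(1), m.group(2).strip()
        algo = ALGOS_BY_HEXLEN.get(len(hexdigest))
        if algo is None:
            continue  # unknown digest length: not one of the four listed algorithms
        expected.setdefault(name, {})[algo] = hexdigest
    return expected


def hash_file(path, algos):
    """Compute all requested digests in a single pass (a 5 GB ISO is read once)."""
    hashers = {algo: hashlib.new(algo) for algo in algos}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify_iso(iso_path, digests_text, filename=None):
    """Step 2: compare every listed digest for the ISO.
    Returns (all_ok, {algo: bool}); an unlisted file yields (False, {})."""
    name = filename or os.path.basename(iso_path)
    expected = parse_digests(digests_text).get(name, {})
    if not expected:
        return False, {}
    actual = hash_file(iso_path, expected.keys())
    per_algo = {algo: actual[algo] == expected[algo] for algo in expected}
    return all(per_algo.values()), per_algo


# Constructed sample: a file named sample.iso whose content is the bytes b"abc".
# The four digests are the standard test-vector values for "abc".
SAMPLE_CONTENT = b"abc"
SAMPLE_DIGESTS = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


900150983cd24fb0d6963f7d28e17f72 *sample.iso
a9993e364706816aba3e25717850c26c9cd0d89d *sample.iso
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad *sample.iso
ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f *sample.iso
-----BEGIN PGP SIGNATURE-----
(signature body omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""


def demo():
    """Check the constructed sample, then a copy with one extra byte appended.
    Returns (good_ok, tampered_ok); every algorithm disagrees on the tampered file."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "sample.iso")
        with open(iso, "wb") as f:
            f.write(SAMPLE_CONTENT)
        good_ok, _ = verify_iso(iso, SAMPLE_DIGESTS)
        with open(iso, "wb") as f:
            f.write(SAMPLE_CONTENT + b"\x00")
        tampered_ok, per_algo = verify_iso(iso, SAMPLE_DIGESTS)
        assert not any(per_algo.values())
        return good_ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```

On a real download, run signature_verified("Qubes-R4.1.1-x86_64.iso.DIGESTS") first and stop if it returns False; only then call verify_iso on the ISO. Because every algorithm is checked, a file that fails SHA-256 but passes SHA-512 (or the reverse) shows up immediately as an inconsistent DIGESTS file or a mis-read result, rather than being hidden by the one tool you happened to run.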