How to verify and validate Mint XCFE ISO on Windows?

[SoapyMint]

I have an unused Samsung NC10 with a new 120GB SSD and 2GB of RAM on which I intend to do a clean install of 18.2 XCFE on an Samsung NC10 . This seems to be the best distro for such a limited machine. I had considered Peppermint but am not too comfortable with putting too much data on the web. The object of the exercise is to keep my brain active (I am 70 in January) and to use this as a learning vehicle but also as an every day tool through which my wife will access her emails and some web applications.

I was a Chartered Engineer (Eectromechanical BSc) and have an MSc in Electronics centred on x86 microprocessors. I have used Windows operating systems from the outset and in my earlier life was quite comfortable using MSDOS to troubleshoot and manage my computers. As MS OS have advanced I have felt less and less 'in touch' with my computer and find it more difficult to keep up. So I decided to have a look at Linux.

I have spent quite a time reading through this and other forums trying to understand the supposedly simple task of downloading a distro and doing a clean install from a USBkey. Despite the title of 'Newbie' I find that Most of the posts I read not only seem to assume previous knowledge and experience of Linux, but also that you already have a version of Linux already installed.

To give an example, in order to complete the verification and validation of the distro download, in accordance with the download instructions on the LM website, I am in the 'Catch 22' position of having to have Linux already loaded in order to verify the .iso download and to open a terminal in Linux to use sha256sum.txt.gpg to authenticate the sha256sum.txt file. But I have yet to do the installation ??

Having searched the web I found a very useful tutorial here which explains how to execute the download and verification in Windows using the downloadable Hashtab executable.

https://www.youtube.com/watch?list=PLjw ... Q6iTiamVmw (the Windows procedure starts at 15:38)


bUT, having successfully verified the distro .iso file I am still in the position that I cannot find a way to authenticate the sha256sum.txt file on a Windows computer.

As this procedure of a clean install must be one of the most common in people migrating from Windows to Linux, albeit that many might choose to dual boot; booting Linux from the USB and Windows from the hard disk, I am surprised that there aren't any simple comprehensive tutorials / guides on how to do this on this Newbie forum (I apologise if there is but I have looked long and hard. I think one is needed which includes not only the verification and authentication processes for Windows and Mac transitions but also such details as partitiononing requirements etc. especially if people are considering a dual boot.

So the specific questions I would like help with are:

1. How can I authenticate the sha256sum.txt using Windows?
2. How do I know which mirror servers are 'reputable' because I understand that even the verification can be maliciously manipulated by the ill-disposed? I am in the UK and used the University of Kent mirror service.
3. If the sha256sum.txt downloaded from the LM website is at risk (and therefore needs to be authenticated), how is the sha256sum.txt.gpg file on the webste not similarly vulnerable?
4. Do you know of any comprehensive tutorials which cover clean single boot installs which include partitioning requirements.
5. Are there any advantages to not installing LM on a blank SSD but rather booting each time from the USBkey? The NC10 has USB 2.0 so I imagine booting from SSD installation will be much faster than booting from USBkey.

[thx-1138]

1. How can I authenticate the sha256sum.txt using Windows?

https://www.maketecheasier.com/verify-m ... windows10/

2. How do I know which mirror servers are 'reputable' because I understand that even the verification can be maliciously manipulated by the ill-disposed? I am in the UK and used the University of Kent mirror service.

All servers are reputable. If something's gone wrong (eg. in the relatively rare case that a mirror server got hacked), then the sha256 checksums will not match. Note that if the checksums don't match, it doesn't necessary mean that the server(s) got hacked - it might just have been a 'bad' / corrupted download.

3. If the sha256sum.txt downloaded from the LM website is at risk (and therefore needs to be authenticated), how is the sha256sum.txt.gpg file on the website not similarly vulnerable?

The sha256sum.txt is not at risk / vulnerable (unless the LM website itself got hacked). There's probably no reason to mess around with gpg for the time being (it's an extra step of security) - if the hash from LM's site matches the hash from the .iso you downloaded, you're good to go.

5. Are there any advantages to not installing LM on a blank SSD but rather booting each time from the USBkey? The NC10 has USB 2.0 so I imagine booting from SSD installation will be much faster than booting from USBkey.

You can either boot 'live' from a USB key (all data gets loaded in memory & erased on shutdown...), or you can install it on a separate USB key explicity, eg. to carry it around at all times (that's somewhat more advanced, and how it's done differs among Linux variants). Obviously, the 'normal', faster performance and common daily way is to install on a hard drive (HD or SSD).
To put it in layman terms: it's not like Windows which has to be explicity installed on a hard disk in which it gets tied up and 'locked' down, and when say you change your mobo or move that disk on another system etc., it starts to complain for 'registration keys' or missing hardware etc etc...Linux is far more 'portable'.

4. Do you know of any comprehensive tutorials which cover clean single boot installs which include partitioning requirements.

There's various guides out there in the net, not sure how much they are up to date...but some good soul around here should be able to provide you with easy step-by-step & up-to-date instructions

[Pierre]

initially, at least have a look at this Tutorial:
viewtopic.php?f=42&t=163126
it's written for win-8x, but does apply to win-10 as well.

do, also read the LinuxMint Users Guide:
https://www.linuxmint.com/documentation ... h_18.0.pdf
which is also the same Guide that comes with the actual Installation ISO . .

[pbear]

Hey SoapyMint, welcome to the Forum! A few thoughts.

1. You're not imagining things. The documentation for this isn't as good as it could be. It's a volunteer project.

2. The reason for the verify step is that the Mint download site was hacked a year-and-a-half ago. Once, and it was discovered quickly. So, it's good practice to verify the checksum file, but we're not talking about drinking untreated water during a cholera epidemic.

3. When I was in your position, I ended up deciding it was an acceptable risk to do the verification in a live session. For a purely Windows solution you need to download gpg4win. Follow instructions in the manual to verify the checksum file. For more info, see How-To Geek and Forum Tutorial.

4. Be aware there's going to be a new release of XFCE any day now. You'll be able to upgrade if you install now, but it'll be cleaner if you wait.

[SoapyMint]

Thank you for the very swift response.

1. How can I authenticate the sha256sum.txt using Windows?

https://www.maketecheasier.com/verify-m ... windows10/

Thanks for that but as I said in my post, I had already verified the iso file using Hashtab. What I wanted to know was how to authenticate it.

2. How do I know which mirror servers are 'reputable' because I understand that even the verification can be maliciously manipulated by the ill-disposed? I am in the UK and used the University of Kent mirror service.

All servers are reputable. If something's gone wrong (eg. in the relatively rare case that a mirror server got hacked), then the sha256 checksums will not match. Note that if the checksums don't match, it doesn't necessary mean that the server(s) got hacked - it might just have been a 'bad' / corrupted download.

I presume by this that you mean all of the mirror servers which are linked on the LM distro download pages are reputable? I'm sure there are at least some malicious mirrors around.

3. If the sha256sum.txt downloaded from the LM website is at risk (and therefore needs to be authenticated), how is the sha256sum.txt.gpg file on the website not similarly vulnerable?

The sha256sum.txt is not at risk / vulnerable (unless the LM website itself got hacked). There's probably no reason to mess around with gpg for the time being (it's an extra step of security) - if the hash from LM's site matches the hash from the .iso you downloaded, you're good to go.

I think the fact that the website was hacked makes it all the more important to provide signed authentication. I have subsequently learned that the way the signature works, it is protected inherently so it is not possible to spoof.

It seems a bit pointless to put a signature on the the LM distro download page if it is not necessary? I read that it is possible to fool the hash if you have doctored the .iso?

[SoapyMint]

initially, at least have a look at this Tutorial:
viewtopic.php?f=42&t=163126
it's written for win-8x, but does apply to win-10 as well.

do, also read the LinuxMint Users Guide:
https://www.linuxmint.com/documentation ... h_18.0.pdf
which is also the same Guide that comes with the actual Installation ISO . .

Thanks Pierre, unfortunately that tutorial applies to UEFI but the NC10 has the older bios.

Now working my way through Guide having had success in getting LM to boot from USBkey with Windows HDD on hard. I will have a play and wait for the new 18.3 version of XFCE before installing that on the SSD which will replace my existing HDD.

Thanks again - I am impressed by the speed of response.

[SoapyMint]

having trouble using the quote in post tool - but I'll learn!

[SoapyMint]

Hey SoapyMint, welcome to the Forum! A few thoughts.

1. You're not imagining things. The documentation for this isn't as good as it could be. It's a volunteer project.

2. The reason for the verify step is that the Mint download site was hacked a year-and-a-half ago. Once, and it was discovered quickly. So, it's good practice to verify the checksum file, but we're not talking about drinking untreated water during a cholera epidemic.

3. When I was in your position, I ended up deciding it was an acceptable risk to do the verification in a live session. For a purely Windows solution you need to download gpg4win. Follow instructions in the manual to verify the checksum file. For more info, see How-To Geek and Forum Tutorial.

4. Be aware there's going to be a new release of XFCE any day now. You'll be able to upgrade if you install now, but it'll be cleaner if you wait.

Thanks pbear.

I managed to do the verification using HashTab on Windows. It was the authentication which I was interested in which I see reading through the blog on the LM hack, was added to hedge against such a hack. In order to be absolutely secure using the mirrors linked to on the distro download pages it is always prudent to used the signed authentication which I now understand contains its own integrity and therefore avoids 'recursive authentication'

I have now managed to boot LM from a USBkey and I will play around with that to get a feel before installing on my newSSD.

Fun - so far..

Thanks again

[Superannuated]

SoapyMint, maybe I don't understand a couple of your responses, but to me it seems that you don't realize pbear provided a means to verify the ISO for both Integrity AND Authenticity using a Windows computer.

If I misunderstand I apologize. If I am correct then read pbear's Forum Tutorial more carefully. For additional clarity, I suggest to pbear that s/he add at the top of the tutorial (or in the title) that the procedure is for both integrity and authenticity.

Because errors can arise from burning, don't forget to perform an integrity check on the bootable USB (or DVD) as shown here under the section Error check.

Let's see if we can get the rest of your questions answered so you can mark this Solved.
1. Answered.
2. The Univ or Kent is reliable, no? That said, if both integritey and authenticity are validated does it matter which mirror?
3. It is my understanding that the sha256sum.txt.gpg is not vulnerable. Why? I don't know, but perhaps a guru will comment.
4. Follow the Linux Mint User Guide. Since the drive is new and going to have only the Mint OS on it, I would not partition the drive. Keep it simple. Here see Should I create a separate home partition?
5. I can't think of any really good reason.

[thx-1138]

It seems a bit pointless to put a signature on the the LM distro download page if it is not necessary? I read that it is possible to fool the hash if you have doctored the .iso?

SoapyMint, you've probably misunderstood me - and indeed, maybe i wasn't clear enough. No, it's not pointless at all, maybe i should had placed more emphasis on my quote "There's probably no reason to mess around with gpg for the time being (it's an extra step of security)".

The reason i said that was merely to get you getting started faster with the basics, instead of going down the road of starting here a by far wider analysis of how PGP public / private key encryption works.
In most cases, (ie. assuming the servers haven't been hacked), verifying the sha256 checksums is a fast & simple way. The chances an actual collision exists is next to zero, and for such to be discovered / 'generated', it would take years of computing - if such existed, it would made the news instantly, and the algorithm would be abandoned (google for md5 & sha-1 collisions for more details...)

Eg. from pbear's linked howtogeek guide...closing quote:

These verification methods weren’t originally intended for protecting against malware. They were designed to confirm that your ISO file downloaded correctly and wasn’t corrupted during the download, so you could burn and use it without worrying. They’re not a completely foolproof solution, as you do have to trust the PGP key you download. However, this still provides much more assurance than just using an ISO file without checking it at all.

Or as an example here, a pretty thorough and lengthy explanation:
https://futureboy.us/pgp.html#ProcedureForVerification

Aka., as you see, all in all, no 100% absolutely foolproof method exists (because at some point, you still do have to trust someone / something) - hence the reason i said an 'extra step of security'. However, every extra layer of added security, no matter how small or complicated, can only be useful - no question about that.

[SoapyMint]

SoapyMint, maybe I don't understand a couple of your responses, but to me it seems that you don't realize pbear provided a means to verify the ISO for both Integrity AND Authenticity using a Windows computer.

If I misunderstand I apologize. If I am correct then read pbear's Forum Tutorial more carefully. For additional clarity, I suggest to pbear that s/he add at the top of the tutorial (or in the title) that the procedure is for both integrity and authenticity.

Because errors can arise from burning, don't forget to perform an integrity check on the bootable USB (or DVD) as shown here under the section Error check.

Let's see if we can get the rest of your questions answered so you can mark this Solved.
1. Answered.
2. The Univ or Kent is reliable, no? That said, if both integritey and authenticity are validated does it matter which mirror?
3. It is my understanding that the sha256sum.txt.gpg is not vulnerable. Why? I don't know, but perhaps a guru will comment.
4. Follow the Linux Mint User Guide. Since the drive is new and going to have only the Mint OS on it, I would not partition the drive. Keep it simple. Here see Should I create a separate home partition?
5. I can't think of any really good reason.

You'r right Superannuated; I could have made myself clearer; when I said that it was the authentication I was interested in it was the vulnerability issue I was referring to not how to do it. You addressed this in your answer 3. As I mentioned elsewhere, reading more widely I think that the .gpg file is, as you say, inherently invulnerable.

Thank you for responding.

[Cosmo.]

I think that the .gpg file is, as you say, inherently invulnerable.

Nothing is invulnerable, especially not a simple text file. But checking the fingerprint of the key does the trick, because the fingerprint cannot get faked. So it matches or not, in the latter case the key is corrupt.

[SoapyMint]

Nothing is invulnerable, especially not a simple text file. But checking the fingerprint of the key does the trick, because the fingerprint cannot get faked. So it matches or not, in the latter case the key is corrupt.

Thanks Cosmo,

As always, its a matter of semantics. If I have understood it properly what I meant by inherently invulnerable is that as the key includes the fingerprint and this can be read from the key, you do not need anything further - apart from the means to read the fingerprint - to authenticate the .gpg file. So perhaps I should have used something like 'self-authenticating'.

[Cosmo.]

If the fingerprint would be included in the key it would be similar, as if the PIN for your banking card would be stored in the card and the device would read the PIN out. (Well, technically it would be something different.) There would be no benefit from the fingerprint (or in the comparison example) from the PIN) regarding security.

[SoapyMint]

If the fingerprint would be included in the key it would be similar, as if the PIN for your banking card would be stored in the card and the device would read the PIN out. (Well, technically it would be something different.) There would be no benefit from the fingerprint (or in the comparison example) from the PIN) regarding security.

Thankyou again.

I woke up this morning early having clearly been thinking of this issue subconsciously in my sleep; I clearly still don't understand this fully:

The reason for putting the sha256sum.txt.gpg file on the distro download page (https://linuxmint.com/verify.php) is to allow authentication of the sha256sum.txt file because the page was hacked such that the url for the sha256sum.txt file was vectored to a malicious server. The premise is that, by using the sha256sum.txt.gpg file, you can be 100% sure of the authenticity sha256sum.txt file.

But.. the expected fingerprint is published. So what is to prevent a hacker, other than the security protecting the server containing the page - hopefully now upgraded, from repeating the previous hack, substituting the fingerprint shown in the page with their own and repeating the re-vectoring of the sha256sum.txt hyperlink? And/or revector the sha256sum.txt.gpg link maliciously so that the published fingerprint is produced by the doctored sha256sum.txt file. I don't see how the integrity is preserved if the fingerprint is published and the maliciously inclined know what fingerprint needs to be produced.

But, as I say, I clearly don't understand yet. I would be grateful if you would be so kind as to enlighten me? Thank you again.

(My Head Hurts)

[Cosmo.]

You are right. If the described scenario should happen, the fingerprint info could get replaced with a wrong one. This is a possible problem and a proof, that something like absolute security does not exist. On the other hand - and really realistic -: If the website should again get hacked (Clem wrote several months ago, that it is not a question, if an attack will get done, but when will this happen), this will get noted and discussed here in the forum in between a very short time, if this should succeed. Note also, that with the protection of Sucuri a successful attack is far less likely than in the past.

In theory also this problem would be solvable with the key and its fingerprint, but in practice it would be very hard to do this.

[SoapyMint]

You are right. If the described scenario should happen, the fingerprint info could get replaced with a wrong one. This is a possible problem and a proof, that something like absolute security does not exist. On the other hand - and really realistic -: If the website should again get hacked (Clem wrote several months ago, that it is not a question, if an attack will get done, but when will this happen), this will get noted and discussed here in the forum in between a very short time, if this should succeed. Note also, that with the protection of Sucuri a successful attack is far less likely than in the past.

In theory also this problem would be solvable with the key and its fingerprint, but in practice it would be very hard to do this.

In which case, it would seem that the addition of the .gpg file on https://linuxmint.com/verify.php and the authentication process adds very little value and introduces unnecessary complication; the fingerprint is no more secure than the file it is authenticating.

I appreciate that you will never have perfect security but the integrity of the .iso download is pretty crucial. Would it not be possible (and simpler for the user) for a recurring check script to be run frequently to authenticate the https://linuxmint.com/verify.php page and to raise a flag indicating an unauthorised change? That way, the .gpg file and associated process would be redundant. Moreover, detection would be instant, rather than being reliant on the vigilance of the Linux Mint community (although from my short experience I see that the forums are pretty responsive).

[Cosmo.]

In which case, it would seem that the addition of the .gpg file on https://linuxmint.com/verify.php and the authentication process adds very little value and introduces unnecessary complication; the fingerprint is no more secure than the file it is authenticating.

I disagree. As long as the download page is not compromised the fingerprint gives security. When we had the attack 2 years ago, it took a very short time (about an hour or so), until the first reports came in. I remember, that I checked the problem myself after seeing the reports and verified, that there is a problem, some other regular users did the same. Again a short time later Clem set the download page and following that even the forum offline. Also notices had been sent to my remembrance to the forum users, Now with the enhanced security for the downloads the fingerprint is nothing, which can so easily get exchanged. And if so, all alarm bells would very quickly make heavy sound.

Would it not be possible (and simpler for the user) for a recurring check script to be run frequently to authenticate the https://linuxmint.com/verify.php page and to raise a flag indicating an unauthorised change?

Hardly, most likely impossible. How shall a script tell, if a change is authorized or not? Without a separate instance - the key and it's fingerprint - this is impossible.

What is possible is this: The user stores the key in his keyring and signs it. Now he does not even have to check the fingerprint for consecutive downloads, because the system of the user can by itself say, if the key is authentic or not. Problem is, that this does not make much sense for users, who do not use gpg-keys regularly - mostly for mail encryption, and those are the very most majority. The acceptance for mail encryption is low, because the first step is for many people too complicated and only people, who all are ready to use it, can use it. In other words: Even if you use it, but your mail partner does not, it cannot work. There are people, who say: GPG is technically perfect, but because of the low acceptance actually dead. I do not follow that, but those people have touched the crucial point. Now, if encryption via gpg is so low on acceptance, how should this be better for the purpose of verifying the download?

Even on the homepage of gnupg (which belongs to the author of gpg) the method as used by Mint gets used. See here.

[SoapyMint]

I disagree. As long as the download page is not compromised the fingerprint gives security. When we had the attack 2 years ago, it took a very short time (about an hour or so), until the first reports came in. I remember, that I checked the problem myself after seeing the reports and verified, that there is a problem, some other regular users did the same. Again a short time later Clem set the download page and following that even the forum offline. Also notices had been sent to my remembrance to the forum users, Now with the enhanced security for the downloads the fingerprint is nothing, which can so easily get exchanged. And if so, all alarm bells would very quickly make heavy sound.

It surprises me that the page cannot be locked / checked for unauthorised changes somehow, over and above any firewalling on the server.

Leaving that aside, forgive me if I am just being thick (highly probable these days) but I still don't understand how the .gpg adds anything in this particular context. The way I see it is, if the webpage isn't hacked the sha256sum.txt link is completely reliable and is being protected by the post-hack increased security software. However, in the now-less-likely event that the webpage security fails, both the link and the .gpg file are unreliable. Consequently, unless I am missing something, I can only conclude that the overall protection for the sha256sum.txt link is the same whether the .gpg is present on the page or not.

I have never used GPG and don't know anyone who does. It is indeed a conundrum but perhaps the increasing level of financial losses owing to identity fraud and phishing will bring about cultural change - I won't be holding my breath.

Thank you for your swift responses and the debate - it is shaking up my old brain considerably.

[thx-1138]

...i posted this above, but maybe you didn't read it in detail:

Or as an example here, a pretty thorough and lengthy explanation:
https://futureboy.us/pgp.html#ProcedureForVerification

...some parts out of it:

...After all, the bad guys could have replaced it somehow. Before I trust you with any secrets, I'll validate your identity...Anyone can generate a public key for any e-mail address. Anyone can post that key to any key server. Only by verifying that the key really belongs to the person you think it does does it give you any security...On the other hand, you may not be able to verify someone's fingerprint in person. See the Web of Trust section for more about this...

The underlined emphasis is mine...which then moves us to the next part - an extremely extraordinary scenario, but whatever:
...say you were extra unlucky to have downloaded it within a 1-2 hrs period that the server was hacked but it wasn't yet discovered...
...plus, the hacker forged the gpg key on the page & the public keyservers....
...and, to top it all, the attacker was also able to...generate a brand newly discovered collision for sha256 (maybe only NSA & a few other of 3-letter agencies would be capable of such - we'll never learn about it).

Consequently, unless I am missing something, I can only conclude that the overall protection for the sha256sum.txt link is the same whether the .gpg is present on the page or not.

Still, even in the above case, where literally next-to-everything is forged & violated...and even a hash collision has taken place(!), while we are indeed in the cold water, there's still a way out to the shore:
you could still try contacting the Mint team and ask them to verify the key's validity directly...

So, no, it's not useless - as you see, correct usage of gpg covers even the most out-of-the-question extreme & unlikely cases...