Monday, November 16, 2015

openSUSE

I wish to download openSUSE safely. But is it possible?

https://en.opensuse.org/openSUSE:Tumbleweed_installation - ultra highly secure information downloaded (not substituted) from wiki page.

Intel (64-bit and 32-bit)

DownloadChecksum (SHA-256)
DVD Installation - x86_64SHA-256
DVD Installation - i586SHA-256
Network Installation - x86_64SHA-256
Network Installation - i586SHA-256
I tried
Network Installation - x86_64
http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso

Alright, I think it is possible to substitute the image by a man in the middle attack. Tried https, no. Well, I think, SHA-256 only is not the most secure way to check validity, because iso image could be easely modified by adding a file with needed trash to make same SHA-256.

Alright, better to use any security then none... Is it? Well..
 SHA-256
 http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso.sha256

Trying https.. No.

Crap! I can not download openSUSE securely! Anyone in the middle could substitute even SHA-256 file! Is it possible to download openSUSE safely somehow? Anyone?

No comments:

Post a Comment