https://en.opensuse.org/openSUSE:Tumbleweed_installation - ultra highly secure information downloaded (not substituted) from wiki page.
Intel (64-bit and 32-bit)
| Download | Checksum (SHA-256) |
|---|---|
| DVD Installation - x86_64 | SHA-256 |
| DVD Installation - i586 | SHA-256 |
| Network Installation - x86_64 | SHA-256 |
| Network Installation - i586 | SHA-256 |
| Network Installation - x86_64 |
Alright, I think it is possible to substitute the image by a man in the middle attack. Tried https, no. Well, I think, SHA-256 only is not the most secure way to check validity, because iso image could be easely modified by adding a file with needed trash to make same SHA-256.
Alright, better to use any security then none... Is it? Well..
SHA-256
http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso.sha256
Trying https.. No.
Crap! I can not download openSUSE securely! Anyone in the middle could substitute even SHA-256 file! Is it possible to download openSUSE safely somehow? Anyone?
No comments:
Post a Comment