Current Whonix flaws and implementation musts for Whonix 2.0

If Whonix 2.0 is based on Alpine, there is no need to port ALSA, as all packages on Alpine are compiled for ALSA by default.

1 Like

Speaking of TUF, I'd like to give some more information on apk (the Alpine package manager).

It seems to download a .tar and check the file hash against a database of the latest file hashes, which is signed with PGP.

So downloaded content can't be tampered with. As for MITM, Alpine provides mirrors with HTTPS support,

which means a man in the middle can't modify content (they already can't, but an extra layer is good); because of HTTPS they can't give the user a different package or make them download an outdated package.

This is of course considering the mirror itself is not malicious. If it was malicious, and the attacker gives a different package or an old package version, apk will attempt to check if the hash matches the signed list of hashes and fail, since hash lists always have the latest versions (the hash lists, while provided by the same supposedly malicious mirror, are signed with the latest hashes so the mirror cannot modify them, unless the mirror had already saved the last signed hash lists, but I'm not sure what will happen in that scenario).

So this rules out 2 attacks from TUF: the modification of content and, to some degree, downgrading packages, which leaves redirection to another package. Alpine Linux will prompt you with package names before you hit y, so if a user installs firefox and gets vlc, he will have had to manually agree to the installation; if he did miss the vlc name in the terminal, he would find out he got attacked because he doesn't have firefox!

As for dependencies, I have no clue.

What I just said is not facts set in stone, maybe I got a lot of things wrong, but so far apk seems just as good as pacman and maybe even apt.

Also, I would like to add: do not make this discussion strictly about the switch to Alpine. The other issues I mentioned are more critical, but everything I mentioned works hand-in-hand, so one must avoid fixing one issue while leaving the other.

And lastly, I would like to add that one of the tools in the NSA leaks was specifically targeting busybox and Alpine, but I guess they also now have tools for Debian, so it's kind of irrelevant, but worth noting.

I noticed an error in the Alpine wikipedia you sent:

“end-to-end signed packages (not only repository metadata) (such as end-to-end signed .debs”

This comparison makes no sense, as you cannot sign large files; you can only sign the file's hash (metadata).

That’s a bold claim. Do you have any proof?

NSA and CIA leaks mentioned a VLC backdoor.

Vault 7 leaks.

Debian has valid-until which notices indefinite freeze attacks and prevents replay attacks.

Good to add to the comparison table. Criteria for Choosing a Base Distribution

Threat models usually include malicious / compromised mirrors and broken TLS.
TLS has many issues. → Transport Layer Security (TLS)

Large files can be signed for example with gpg. For example Whonix-CLI-16.0.8.2.ova is a large file. 1 GB+. And Whonix-CLI-16.0.8.2.ova.asc is its signature.

Not Wikipedia. Whonix wiki. Not the same.

Only wikipedia.org can be called Wikipedia, which is based on the MediaWiki webapp. The Whonix wiki is also based on MediaWiki.

1 Like

GPG, when signing files, signs only the hash, not the file; this is true for all ciphers, curves and RSA. You cannot sign a file larger than the key size; for example, a 4096 key can only sign files up to 4096 in size.

“(GPG) digital signatures combine a hash with a cryptographic process which ensures not only the integrity of the signed message (file, mail, …) but also the authenticity of this message. By mean of these digital signatures (usually asymmetric cryptography), you can be sure that the content you checked has not been tampered with and has been issued by the owner of the key (who has access to the private key).”

Yeah, it's a typing mistake, sorry, English is not my first language.
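To make the verification model discussed in this thread concrete (apk checking a downloaded archive against a PGP-signed list of the latest hashes, Debian's Valid-Until rejecting a frozen or replayed index, and signatures covering a digest rather than the whole file), here is an added example. It is not apk's, Debian's or Whonix's code: it uses Ed25519 from Go's standard library as a stand-in for the PGP signature, and the package names, archive bytes and timestamps are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// Index is the repository metadata a client trusts: one sha256 per "name-version"
// archive, plus a Valid-Until timestamp so a stale but correctly signed copy is rejected.
type Index struct {
	ValidUntil time.Time         `json:"valid_until"`
	Hashes     map[string]string `json:"hashes"` // hex sha256 of each archive
}

// SignedIndex carries the canonical index bytes and a signature over their digest.
type SignedIndex struct {
	Payload   []byte
	Signature []byte
}

// signDigest signs sha256(data) rather than data: the signing input is a fixed-size
// digest no matter how large the archive or index is (hash-then-sign).
func signDigest(priv ed25519.PrivateKey, data []byte) []byte {
	d := sha256.Sum256(data)
	return ed25519.Sign(priv, d[:])
}

func verifyDigest(pub ed25519.PublicKey, data, sig []byte) bool {
	d := sha256.Sum256(data)
	return ed25519.Verify(pub, d[:], sig)
}

// SignIndex serialises the index and signs its digest with the repository key.
func SignIndex(priv ed25519.PrivateKey, idx Index) (SignedIndex, error) {
	payload, err := json.Marshal(idx) // map keys are sorted, so the encoding is canonical
	if err != nil {
		return SignedIndex{}, err
	}
	return SignedIndex{Payload: payload, Signature: signDigest(priv, payload)}, nil
}

var (
	ErrBadSignature = errors.New("index signature invalid (metadata tampered)")
	ErrStale        = errors.New("index past Valid-Until (freeze/replay)")
	ErrUnknown      = errors.New("requested package not in signed index")
	ErrHashMismatch = errors.New("archive hash does not match signed index")
)

// VerifyPackage is the client-side check: trust the index only if its signature verifies
// and it is still fresh, then compare the downloaded archive with the signed hash of the
// exact name-version the user asked for, so a substituted or old archive fails.
func VerifyPackage(pub ed25519.PublicKey, si SignedIndex, now time.Time, want string, archive []byte) error {
	if !verifyDigest(pub, si.Payload, si.Signature) {
		return ErrBadSignature
	}
	var idx Index
	if err := json.Unmarshal(si.Payload, &idx); err != nil {
		return err
	}
	if now.After(idx.ValidUntil) {
		return ErrStale
	}
	expected, ok := idx.Hashes[want]
	if !ok {
		return ErrUnknown
	}
	got := sha256.Sum256(archive)
	if hex.EncodeToString(got[:]) != expected {
		return ErrHashMismatch
	}
	return nil
}

// BuildDemo constructs a repository with two packages and a fresh signed index.
// Archive contents and timestamps are constructed sample data, not real packages.
func BuildDemo() (ed25519.PublicKey, SignedIndex, time.Time, map[string][]byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	archives := map[string][]byte{
		"firefox-100": []byte("constructed firefox-100 archive bytes"),
		"vlc-3":       []byte("constructed vlc-3 archive bytes"),
	}
	signedAt := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	idx := Index{ValidUntil: signedAt.Add(7 * 24 * time.Hour), Hashes: map[string]string{}}
	for name, data := range archives {
		h := sha256.Sum256(data)
		idx.Hashes[name] = hex.EncodeToString(h[:])
	}
	si, err := SignIndex(priv, idx)
	if err != nil {
		panic(err)
	}
	return pub, si, signedAt.Add(time.Hour), archives
}
```

Calling `BuildDemo` and then `VerifyPackage` with the genuine archive returns nil; a byte-flipped archive or the vlc archive served under the firefox name returns `ErrHashMismatch`, asking for a version missing from the latest index returns `ErrUnknown`, a clock past Valid-Until returns `ErrStale`, and any change to the index bytes themselves returns `ErrBadSignature` before the hashes are even consulted. The order matters: the hash list is only meaningful after its signature and freshness have been checked.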

There will probably be way too many disagreements that I can foresee. Therefore I think your conditions cannot be met.

In case that isn’t an issue… Due to the huge extent of changes you’re suggesting, it would be helpful if you’d establish a history as a contributor first. As mentioned, for the wiki, improving Criteria for Choosing a Base Distribution would be good, or a small non-controversial code contribution, bugfix, patch or feature.

Otherwise I think this forum thread has a high chance to result in a lot of discussion but no actual improvements.

1 Like

Alright, I just meant I could provide a “sample image” of how Whonix should look, and you could develop Whonix 2.0 based on that.

And yes, I will try helping with things; doesn't the sdwdate NTP client need a write? I could do that.

Yes but something smaller that needs little to no discussion would be better to establish a history as a contributor as a first time contribution.

1 Like

Alright, I already submitted a Whonix wiki edit related to the “end-to-end” signing comparison table; I removed it because it doesn't make sense, as when you sign files you actually sign the hash.

I actually don’t agree to that either. Signing the hash, perhaps but that’s getting into semantics. But signed debs… Well, see end-to-end signed debs. debsign, debsig and dpkg-sig. It’s about end-to-end signed packages (or hashes of these packages). Therefore shouldn’t be deleted from the criteria without replacement.

It might also be worth creating a Whonix wiki page related to VLC and including info about the fact that a backdoor was mentioned in the CIA Vault 7 leak.

(ignoring the fact that it is included by default in Whonix, hmm)

Also, stating that a video player is not needed and users should use Tor Browser as a video player might be worth mentioning, or just removing VLC altogether from default builds; if someone wants VLC he can install it normally via the terminal.

For making huge negative claims such as "xxx is backdoored", if it’s not a well known fact that can be trivially verified with search engines, it always helps to add weblinks to authoritative sources (research papers, news reports, originals) as well as a short, specific citation which makes that point.

1 Like

OK, on WikiLeaks you can download the Vault 7 leaks and read documents regarding CIA cyber attack tools; in one paper it mentioned a backdoor in VLC (without mentioning how the backdoor actually works).

The wiki does not mention VLC but the paper did. I don't have a direct download for Vault 7, but I'm sure a quick search will give you some good torrents for download.

(I'm not making claims that it's in the document; also, I don't think that if something like VLC is backdoored by the CIA you would be able to “trivially find it via search engines”, but that's just my only claim lol)

That’s a huge release.

The burden of proof is on the one making the claim. So before adding it to the wiki, we need much more specific evidence and cannot just write “somewhere in vault 7 go look for a torrent somewhere”.

Also VLC backdoor. Perhaps a vulnerability? Backdoor is a big word. I think if there would have been a backdoor in VLC, that would have been in mainstream news as well as that backdoor would have been analyzed by the security community who would have jumped onto it. Would be easily found on search engines.

1 Like

Yeah, I agree on this.

I think I got the documents downloaded somewhere; I will read them again and provide the paper where it mentions it, but it might take some time.

Could be; from what I remember they kept the details vague, and it wasn't just VLC but a bunch of other software that the wikipedia does not mention, or it would be a book.