After imported whonix workstation, I received the following messages when trying to install tor browser for the first time.
====================================
Currently installed version:
None installed. (/home/user/tor-browser_en-US does not exist.)
Downloaded version :
5.0.3
We have not previously accepted a signature yet. Therefore assisted check for downgrade or indefinite freeze attacks skipped. Please check the Current Signature Creation Date looks sane.
Previous Signature Creation Date:
Unknown. Probably never downloaded a signature before.
Last Signature Creation Date :
September 21 12:11:41 UTC 2015
The signature looks quite old already.
Either,
your clock might be fast (at least 12 days 12 hours 41 minutes 42 seconds fast). In that case, please run Timesync: Start menu -> Applications -> System -> Timesync. Or in Terminal: timesync.
there is really no newer signature yet. The signature is really older than 30 days already. (Older than 12 days 12 hours 41 minutes 42 seconds already.)
this is a update-torbrowser bug
this is an attack
gpg reports:
gpg: Signature made Mon 21 Sep 2015 12:11:41 PM UTC using RSA key ID D40814E0
gpg: Good signature from "Tor Browser Developers (signing key) "
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: BA1E E421 BBB4 5263 180E 1FC7 2E1A C68E D408 14E0
[quote=“Patrick, post:2, topic:1564”]Make sure you read and apply this:
It’s not an error. It’s a confirmation question.
Read the message. Understand it. Act accordingly.
See also:
What part of that message you do not understand?[/quote]
Thank you for providing the helpful links Patrick.
I am using a new laptop with newly installed open sources OS as host, so I assume malware is probably not the cause.
Pls forgive me for asking these stupid & paranoid questions as a newbie to the community.
I have update the system time and it is for sure accurate.
According to the received message, is EITHER
It is indeed a fact that the signature is created on September 21 12:11:41 UTC 2015 and it was Older than 12 days 12 hours 41 minutes 42 seconds when I was installing the tor browser. (Pls verify this with me if possible, or pls provide me a method of how to check this)
OR
I was under attack. If this is real, should I reinstall the the host system and do everything over again? Or should I just reinstall the workstation? Plz suggest a safest way of solving this problem.
OR
This is a bug in TorBrowser updater, but I think it is very unlikely.
Even if it was an attack, there is no need to reinstall, because then it would have been detected and nothing gone wrong.
That’s left to you to figure out. You can either take it on faith and just accept or do research on your own. That confirmation dialog is just for increased security. Whether you make use of it or not is up to you.