Hi all,
Have recently re-installed Whonix (virtualbox on Ubuntu) Had it all working well on previous occasions (until met with a problem - story for another time) but after this fresh install - I could not get the Tor Browser Download (via desktop link) to complete.
After about half an hour of slow downloading I would get the error message:
Failed to download
Possible reasons:The download server is down. File size exceeded (endless data attack triggered). Tor Browser Downloader (by Whonix developers) has been broken due to upstream changes. Recommendations: Try again later. If the error persists it probably won’t solve itself before the next update.
I attempted many times, same result, but never happened with my previous installation.
Searching these forums I found the suggestion to use command instead:
update-torbrowser --ordinary
This worked so quickly and easily, even though I thought this was essentially starting the same process, except from Command line rather than desktop link.
So I’m confused as to what the problem was? Or how about if the original attempt was sabotaged from the endless data attack - how would I know if so…? Also, although the command line succeeded, it gave this in the output:
INFO: Hash check ok.
Installation confirmation
Currently installed version: None installed. (Folder /home/user/.tb/tor-browser does not exist.)
Downloaded version : 7.5.3
We have not previously accepted a signature yet. Therefore assisted check for downgrade or indefinite freeze attacks skipped. Please check the Current Signature Creation Date looks sane.
Previous Signature Creation Date: Unknown. Probably never downloaded a signature before.
Last Signature Creation Date : March 26 09:44:32 UTC 2018
The signature looks quite old already.Either,
- your clock might be fast (at least 6 days 6 hours 13 minutes 34 seconds fast). In that case, please check your clock is correct.
- there is really no newer signature yet. The signature is really older than 30 days already. (Older than 6 days 6 hours 13 minutes 34 seconds already.)
- this is a update-torbrowser bug
- this is an attack
gpg reports:
gpg: Signature made Mon 26 Mar 2018 09:44:32 AM UTC using RSA key ID C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) "
So suggesting that the signature is maybe old or that this is an attack…
How would I tell whether its an attack or not…? Is 6 days really too old for a signature? why did command download so quickly when the desktop link took almost an hour to inevitably fail…? If anyone could please help me to understand whats going on here I would be very grateful…!
Thanks