The SHASUMS is not signed by Gavin's Code Signing key.
It is signed by Wladimir's key, which is itself signed by Gavin's key, but still, this freaked me out momentarily when I went to verify it.
For those needing to verify the downloaded files, it would be done like this:
gpg --recv-keys 2346C9A6
gpg --list-sigs 2346C9A6
If you already have Gavin's CODE SIGNING KEY on your key, the output for the second command above should include something like:
sig 1FC730C1 2011-12-15 Gavin Andresen (CODE SIGNING KEY) <gavinandresen at (nospam...) gmail.com>
Which means Wladimir's key should be trusted.
Another question however is did anyone ever in person verify pgp fingerprints from Gavin, Wladimir or other devs? When doing some reading on GPG, I see this is something that's recommended to do to establish trust, also calling someone and having them read their fingerprint out loud, if you already know them by person could be an option.
As Bitcoin is some very serious stuff, I can at least see persons responsible for larger amounts of funds in bitcoins, having the need to do fingerprint comparision to ensure keys are correct. Or do people in general just accept that downloaded keys should automatically be trusted?
The way to get Bitcoin Core, is to download it from
https://bitcoin.org/bin/0.9.3/, then run sha256sum on the binary you downloaded, and verify output against the corresponding SHA256 Hash in the SHA256SUMS.asc file. And then this file itself has to be verified to see if it turns up valid. And if you do not have Wladimir's key, it needs to be retrieved as I described earlier in this post (you could always look it up on a gpg key server).
To verify the file:
gpg --verify SHA256SUMS.asc
, and get something like this:
$ gpg --verify sig.asc
gpg: Signature made Mon 29 Sep 2014 04:44:14 PM CEST using RSA key ID 2346C9A6
gpg: Good signature from "Wladimir J. van der Laan <laanwj at (nospam...) gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6
Now if you already trust Gavin's key, then all should be swell. However, what if you just got hired to be the financial manager of finances at say Overstock.com, and you need to ensure that there's no friggin way that your 10 million dollars worth of BTC will be compromised in anyway, be it a malicious binary or otherwise.
Would it not be in the power of, let's say the NSA, or any other intel agencies to conduct a MITM? I don't know all the details, but there's been incidents of SSL certificates being stolen, so that an entity can claim to be somebody they're not, and serve malicious data to the user? And as such certificates can be stolen, I would think they could've been obtained through other methods as well..
Bitcoin.org's security certificate says: "You are connected to bitcoin.org which is run by (Unknown), Verified by GeoTrust, Inc., which is a US company.
So let's say that your download from bitcoin.org is compromized by an intel org which manages to make the site seem like everything's fine by connecting you over https but conducting a MITM. So you receive a malicious binary. Most users will not verify their download, and happily run Bitcoin Core. There's no instructions for verifying the downloads at the download page at bitcoin.org afaik.
So the amount of users who downloaded without verifying the downloads are now all compromised, the malicious software could do anything now really, like stealing all the bitcoins - installing a keylogger on the users machine, transferring private files, without the user knowing etc. Most likely, bitcoins would not be stolen, as this would alert the user base about the issue quite quickly, good thing is we have diversification in the bitcoin ecosystem, so not everyone is running the same software, or downloading from the same place all the time.
But let's say the download was MITM attacked, and the user wants to verify the download. He could just get Wladimir's key off a pgp-key-server and be done with it, but how can he be sure that the key actually belongs to Wladimir? Could not also this download of the public key be compromized by a MITM attack? But, wait, Gavin has signed that key. Let's get Gavin's key? So we download it, from the web somewhere or from a public key server, we could still be mitm attacked.
So let's say you now have the binaries, the signature file, and you verify it against Wladimir's pubkey, which is signed by Gavins pubkey, and you think everything's good. The fact is that you could be fooled at this point. Does anyone remember the BGP Hijacking, where some clever hacker stole all the traffic for numerous miners, such that all the mined bitcoins would end up in his hands? He went off with 83K USD worth of bitcoins.
What if you're up against a more powerful entity, that really knows how to do MITM attacks? How could you secure yourself? What if your friend went to a bitcoin conference, then saw Gavin in person, and then he checked the fingerprint of Gavins CODE SIGNING KEY on his laptop and compared it to the actual fingerprint which Gavin could provide in person?
Then you would know that Gavin's CODE SIGNING KEY is legit, and by extension, if Gavin trusts Wladimir, then you should also trust Wladimir. However, Wladimir (no offence meant at all)
could be associated with some intel org and he
could inject malicious code into the binary, which any dev which had the right permissions could do, be it Gavin, Wladimir or anyone else that has the power to make a release of the Bitcoin Core software. So even, if we have established that fingerprints were correct, we would still need to trust the devs not to do anything nefarious.
The only other way to ensure we're 100% safe, is to study the source code, and then for every sucessive release, do a diff and check that nothing nefarious has snuck in. And then compile it ourselves, but then again, what guarantee is there that none of the libraries that the code depends on, or the compiler itself has been compromised?
The subject of Bitcoin security is quite complicated, but just imagine how much damage could be done for the right group of malicious hackers, if they manage to MITM attack quite a few users, they could monitor the users balances, and then at a given time, they could issue commands, if not preprogrammed in the binary, to empty the wallets completely, or upon next successful entering of the passphrase by the user, emptying the wallet completely.
Who knows if NSA or any other intel org not at this very moment has dedicated teams working on these scenarios.
Provided we do trust the developers, which I believe most do, we should also trust the software that they release, but how can we do that if we do not know with 100% accuracy that the pgp keys are actually belonging to who they're claimed to belong to?
Perhaps even more likely than the NSA scenario is one or a group of hackers working in concert. For instance, if such a group has access to all the traffic that goes through an ISP, they could manipulate the traffic anyway they'd like and with a stolen SSL certificate for bitcoin.org, they could redirect traffic and post malicious binaries for users to download, no? Of course, there's many hurdles to overcome, but there's some pretty advanced hackers out there that could pull of some serious tricks.
A market currently valuated at approx 5,000,000,000 USD is bound to atract some interest. I know the cap's just an imaginary number based on number of bitcoins multiplied with the current price, I digress..
But the final question would then be: How do a normal user ensure he's running Bitcoin Core safely, and how do a small business ensure they do not get wiped our completely, and how will major companies deal with the risk when they go heavily into the Bitcoin market? I would think such companies would have dedicated security engineers for such purposes.
So, I'm just thinking ahead, and wondering when we will see the most sophisticated attacks against the bitcoin infrastructure. Another problem would be the bad publicity, newspapers and TV-stations reporting about small businesses totally wiped out by the 'bitcoin hack', and then followed by very serious government types proclaiming that Bitcoins are inherently unsafe, and it's best to deal with regulated currencies that is issued and controlled by the state.
I'm not going into conspiracy territory with this, but knowing how relaxed many people are in regards to security, I would think there will be at least a few disasters ahead of us. Could that be prevented, and what measures are in place to prevent this from happening?
An answer could be, anybody could read the code, the code for all included libraries, and then compile it themselves. But who could do that? Could even a group of 5 experts do this and really understand everything in a short period of time? Sure, the source code is available, but for the majority of people, this is not something they'll ever concern themselves with.
If those running bitcoin.org reads this, it would be very interesting to know the stats, how many people download the binaries, as opposed to those downloading binaries and the checksum file? I would think many don't care about the verification.
Perhaps this was the wrong thread to ask these questions, but then the discussion could be branched out in a separate thread by a mod.
Also, I'm eternally thankful to everyone that works hard to make bitcoin exist, so this is by no way an attack on anyone, it's just an attempt at thinking about the different scenarios where users could be hurt, and wanting to learn others opinions about this, as I know there are very many smart people in this community.
