Re: [Tails-testers] [Tails-dev] 2.0~rc1: Installed Partition…

Delete this message

Reply to this message
Author: random_user
Date:  
To: tails-testers
CC: tails-dev
Subject: Re: [Tails-testers] [Tails-dev] 2.0~rc1: Installed Partition Hash does Not Match That of ISO
On Mon, Jan 25, 2016, at 11:01 AM, Daniel Kahn Gillmor wrote:

> If you're using a GNU/Linux system, /dev/sdX (where X is a lower-case
> letter, like /dev/sdb) is the USB disk itself, and /dev/sdXN (where X
> is a lower-case letter and N is a number in decimal, like /dev/sdb1) is
> the partition.


That is what I meant; the PARTITION of the (USB flash) disk that the
Tails ISO was written to, i.e., /dev/sdXN (e.g., /dev/sdb1, /dev/sdc1,
etc.)

Sorry if I was not clear enough about that.

I realized all along that the full device (i.e., full disk) is always
larger (and usually much larger) than the ISO and the partition
containing the installed ISO (and therefore that the hashes for the
full-device will always be different than those for the Tails partition
that resides on said device.)

For past releases of Tails, the cryptographic checksums (sha256; sha1;
md5) for said partition would always match those of the ISO. This
allowed me to verify, first, that the write (using dd or cat) had
completed without error.

Additionally, at any time I wished, I could verify that my Tails
partition had not become corrupted by simply generating its hash and
then checking that hash against the hash that I knew to be the correct
one for the ISO that said partition was written from.

(I realize that the second function can still be performed by recording
the hash of the Tails partition that was generated immediately after
writing said partition to disk and then using said hash as the one to
compare against. But since the hash of the partition no longer matches
that of the ISO that said partition was written from, I would still be
left wondering whether the partition was properly written in the first
place AND, even if it was, WHY its hash no longer matches that of the
very ISO that it was created from-- as had been the case for me with all
past releases of Tails.)

Below is the sha256sum I get for the ISO, followed by the one I get for
the partition that was written from the ISO. (Note that I verified the
ISO against its signature.)

sha256sum tails-i386-2.0~rc1.iso
4df44c896a61fc9751463cf3a94d482f1ec0c6d1ae86b270758a2ded544e33d9
tails-i386-2.0~rc1.iso

sha256sum /dev/sdX1
3e813eee1d2a38902b31c1180e342237d2c66a36faebe37c065434a10c58fbf0
/dev/sdX1