From: "David A. Wheeler"
Reply-To: dwheeler AT dwheeler DOT com
To: "cygwin"
Subject: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks
Date: Tue, 31 Mar 2015 14:08:11 -0400 (EDT)
Signed-off-by: David A. Wheeler --- winsup/doc/faq-setup.xml | 129 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 128 insertions(+), 1 deletion(-) diff --git a/winsup/doc/faq-setup.xml b/winsup/doc/faq-setup.xml index 614d4a9..3764214 100644 --- a/winsup/doc/faq-setup.xml +++ b/winsup/doc/faq-setup.xml 
@@ -156,6 +156,128 @@ and that installing the older version will not help improve Cygwin. + +How does Cygwin counter man-in-the-middle (MITM) attacks during installation and upgrade? + + + +A man-in-the-middle (MITM) attack occurs when an attacker secretly relays and +possibly alters the communication between two parties +who believe they are directly communicating with each other. +Here is how Cygwin counters man-in-the-middle (MITM) attacks +during installation and update (including enough details so +technical people can confirm it): + + + +The Cygwin website provides the setup program +(setup-x86.exe or setup-x86_64.exe) +using HTTPS (SSL/TLS). +This authenticates that the setup program +came from the Cygwin website +(users simply use their web browsers to download the setup program). +You can use tools like Qualsys' SSL Server Test, +, +to check the HTTPS configuration of Cygwin. +The cygwin.com site supports HTTP Strict Transport Security (HSTS), +which forces the browser to keep using HTTPS once the browser has seen +it before (this counters many downgrade attacks). + +The setup program has the +Cygwin public key embedded in it. +The Cygwin public key is protected from attacker subversion +during transmission by the previous step, and this public +key is then used to protect all later steps. +You can confirm that the key is in setup by looking at the setup project +() +source code file cyg-pubkey.h +(the key is automatically generated from file cygwin.pub). + +The setup program downloads +the package list setup.ini from a mirror +and checks its digital signature. +The package list is in the file +setup.bz2 (compressed) or +setup.ini (uncompressed) on the selected mirror. +The package list includes for every official Cygwin package +the package name, cryptographic hash, and length (in bytes). 
+The setup program also gets the relevant .sig +(signature) file for that package list, and checks that the package list +is properly signed with the Cygwin public key embedded in the setup program. +A mirror could corrupt the package list and/or signature, but this +would be detected by setup program's signature detection +(unless you use the -X option to disable signature checking). +The setup program also checks the package list +timestamp/version and reports to the user if the file +goes backwards in time; that process detects downgrade attacks +(e.g., where an attacker subverts a mirror to send a signed package list +that is older than the currently-downloaded version). + +The packages to be installed +(which may be updates) are downloaded and both their +lengths and cryptographic hashes +(from the signed setup.{bz2,ini} file) are checked. +Non-matching packages are rejected, countering any attacker's +attempt to subvert the files on a mirror. + + + + +Up through 2015 Cygwin used the MD5 algorithm for cryptographic hashes. +Cygwin used both MD5 and length checks, which makes some attacks harder +than if Cygwin used only MD5, +but MD5 is no longer considered a secure cryptographic hash algorithm. +The 2015-02-06 update of the setup program +added support for the SHA-512 cryptographic hash algorithm for +sigining the setup.ini package list, as described in +. +The announcement also noted that there will be a switch to SHA-512 +checksums in the setup.ini files. +There are no known practical exploits of SHA-512 (SHA-512 is part of the +widely-used SHA-2 suite of cryptographic hashes). + + + + +What else can I do to ensure that my installation and updates are secure? + + + +To best secure your installation and update process, download +the setup program setup-x86.exe (32-bit) or +setup-x86_64.exe (64-bit), and then +check its signature (using a signature-checking tool you trust) +using the Cygwin public key +(). 
+This was noted on the front page for installing and updating. + + +If you use the actual Cygwin public key, and have an existing secure +signature-checking process, you will counter many other +attacks such as subversion of the Cygwin website and +malicious certificates issued by untrustworthy certificate authorities (CAs). +One challenge, of course, is ensuring that +you have the actual Cygwin public key. +You can increase confidence in the Cygwin public key by checking older copies +of the Cygwin public key (to see if it's been the same over time). +Another challenge is having a secure signature-checking process. +You can use GnuPG to check signatures; if you have a trusted Cygwin +installation you can install GnuPG. +Otherwise, to check the signature you must use an existing trusted tool or +install a signature-checking tool you can trust. + + +Not everyone will go through this additional effort, +but we make it possible for those who want that extra confidence. +We also provide automatic mechanisms +(such as our use of HTTPS) for those with limited time and +do not want to perform the signature checking on the setup program itself. +Once the correct setup program is running, it will counter other attacks +as described in +. + + + Is Cygwin Setup, or one of the packages, infected with a virus? @@ -197,8 +319,13 @@ disk if you are paranoid. This should be safe, but only if Cygwin Setup is not substituted by -something malicious, and no mirror has been compromised. +something malicious. +See also + +for a description of how the +Cygwin project counters man-in-the-middle (MITM) attacks. + See also for a list of applications that have been known, at one time or another, to interfere with the normal functioning of Cygwin. -- 2.1.4 -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
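Review bot: "sigining" in the SHA-512 paragraph of the first hunk (@@ -156,6 +156,128 @@) should be "signing", and that paragraph blurs two different uses of SHA-512: it first says the 2015-02-06 setup update added SHA-512 "for sigining the setup.ini package list" and then that there "will be a switch to SHA-512 checksums in the setup.ini files"; state explicitly that the first is the hash used inside the signature over setup.ini and the second is the per-package checksums listed in it, since the step-by-step description above relies on both. Two smaller points in the same hunk: "Qualsys' SSL Server Test" should read "Qualys'", and "detected by setup program's signature detection" reads better as "detected by the setup program's signature verification". On the HSTS sentence, consider adding that HSTS only takes effect after the browser has seen the header once, so the very first download of setup-x86.exe or setup-x86_64.exe still rests on the HTTPS certificate check alone.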
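Review bot: in the second hunk (@@ -197,8 +319,13 @@), dropping "and no mirror has been compromised" leaves the sentence promising safety whenever Cygwin Setup itself is genuine, but the first hunk documents a -X option that disables signature checking, in which case a compromised mirror is not detected; suggest keeping a qualifier, e.g. "something malicious, and signature checking has not been disabled with -X", so the FAQ does not claim mirror-compromise protection that the user can switch off.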