Why do 3TOFU?
Unfortunately, many developers think that hosting their releases on a server with https is sufficient to protect their users from obtaining a maliciously-modified release. But https won’t protect you if:
- Your DNS or publishing infrastructure is compromised (it happens), or
- An attacker has just one (subordinate) CA in the user’s PKI root store (it happens)
Generally speaking, publishing infrastructure compromises are detected and resolved within days and MITM attacks using compromised CAs are targeted attacks (to avoid detection). Therefore, a 3TOFU verification should thwart these types of attacks.
Note on hashes: Unfortunately, many well-meaning developers erroneously think that cryptographic hashes provide authenticity, but cryptographic hashes do not provide authenticity – they provide integrity.
Integrity checks are useful to detect corrupted data on download; they do not protect you from maliciously altered data unless those hashes are cryptographically signed with a key whose private key isn’t stored on the publishing infrastructure.
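Added example (not part of the original post): a small simulation of the note on hashes, showing that a hash served next to the release catches a corrupted download but still matches after the server is compromised, while a signature made with a key kept off the server does not. All function names are hypothetical, and the textbook RSA key built from two Mersenne primes is a constructed, insecure stand-in for a real signing tool.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes): trivially factorable, illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                   # public key, obtained by the user out-of-band
D = pow(E, -1, (P - 1) * (Q - 1))     # private key, kept OFF the publishing server

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes) -> int:
    """Textbook RSA over SHA-256 (no padding; assumption: stands in for a real signer)."""
    return pow(digest_int(data), D, N)

def publish(release: bytes, sig: int) -> dict:
    """The files as the download server offers them."""
    return {"release": release,
            "sha256": hashlib.sha256(release).hexdigest(),
            "sig": sig}

def compromise(server: dict, modified: bytes) -> dict:
    """Whoever controls the server can swap the file and recompute the hash,
    but can only re-serve the old signature: the private key is not there."""
    return {"release": modified,
            "sha256": hashlib.sha256(modified).hexdigest(),
            "sig": server["sig"]}

def check(download: dict) -> tuple:
    """Return (hash matches, signature verifies) for what the user received."""
    hash_ok = hashlib.sha256(download["release"]).hexdigest() == download["sha256"]
    sig_ok = pow(download["sig"], E, N) == digest_int(download["release"])
    return (hash_ok, sig_ok)

GOOD = b"example-app 1.0 (constructed sample release)"
honest = publish(GOOD, sign(GOOD))
# Accidental corruption in transit: the file changes, the published hash does not.
corrupted = dict(honest, release=GOOD[:-1] + b"?")
# Malicious change on the publishing infrastructure: file and hash change together.
tampered = compromise(honest, GOOD + b" + altered bytes")

if __name__ == "__main__":
    for name, d in [("honest", honest), ("corrupted", corrupted), ("tampered", tampered)]:
        print(f"{name:9s} hash_ok, sig_ok = {check(d)}")
```

The tampered download is the only case where the two checks disagree, which is the gap between integrity and authenticity the note describes.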