(I can't comment on the other answers yet because I don't have 50 rep but it's totally wrong to believe that a MITM can't change what are on URLs protected by HTTPS you think you're seeing... A MITM could be anywhere in the middle, including between your online computer and your browser, making you believe the website you see is the correct one and making you believe the HTTPS signature is legit. Such kind of attacks, made possible by rootkits, are precisely one of the reason people do use fully offline computers and Live CD/DVD to create cold storage wallets)
For Linux the first thing is to d/l an .iso that you're going to burn and then, once burned, verify your .iso by checking the entire DVD from an offline computer.
What follows may look paranoid but it really isn't: it's just good security practices and only takes a few moments to do correctly...
Do not just verify the SHA1 of your .iso after you've downloaded it: it may be backdoored between the moment you've finished downloading it / checksuming it and during burning. Or the computer you're using to verify the SHA1 / burn it may be compromised and hence giving you back fake values.
Ideally you'd:
- find which file to download (e.g. ubuntu-13.10-desktop-amd64.iso )
- write down the exact filesize of the file (gonna be needed later on), in this case: 925 892 608 bytes
- burn your .iso to a DVD
Now do not make the mistake of using the self-verification procedure of your DVD once you boot it up. If it's backdoored, it's gonna tell you everything is fine.
Find the official SHA1 sums for the .iso file you've downloaded. These ones may be compromised too so you may want to call someone from your family or a friend on the phone and ask them to go to the URL containing the hashes or you may want to go to a public computer or a computer at work: anywhere not the same place you d/l'ed the DVD from.
Now from an offline computer (but not while booting from the DVD you just burned), do this to verify your DVD:
</dev/sr0 head -c "925892608" | sha1sum
You cannot just "cat /dev/sr0 | sha1sum" : won't work due to the last block which has a fixed-size on DVDs. You must enter the exact number of bytes.
This takes some time (30 seconds or so, depending on your hardware).
Notice the leading "<" in that command.
Check that your SHA1 is matching.
If it's matching, then it is very very highly probable that you have the official release. This is not a proof that the official release itself is not backdoored or that your CPU's rdrand function is not hardware-backdoored, but it's a good start.
So that's how I do it to verify my Linux Live DVD. Simply looking at the URL with the SHA1 hashes is not enough. If you're facing a MITM then your DVD is gonna be backdoored and the SHA1 hashes are gonna be forged too.
Which is why you use another channel to write down the SHA1: you either write it earlier/later in the day/week when you're at an entirely different place, using a different computer... Or you call someone far from your place and ask him to check the SHA1.
If you happen to trust the .gpg keys of Ubuntu you may use these to verify the hashes but if you're facing a MITM the attacker may be feeding you fake .gpg keys too.
https://help.ubuntu.com/community/UbuntuHashes – ripazha – 2013-11-16T12:32:04.037
Comment since it's not answering your question: an alternative would be to throw 99 6-sided dies (or a dice 99 times) and use that as your private key in http://www.bitaddress.org Guaranteed physical randomness and tamper proof!
– kaoD – 2014-01-15T10:40:54.750