[Freedombox-discuss] secure UUIDs
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Jul 21 22:26:02 UTC 2013
Hi Jonas--
On 07/20/2013 02:38 PM, Jonas Smedegaard wrote:
> I do understand that use of MAC addresses is part of the RFC standard
> and is legal to circumvent. My concern here is that it sounds like the
> quite common libuuid may leak MAC address by _default_ i.e. need special
> care at each use that may later be exposed to external hosts.
The subject of this thread is "secure UUIDs" -- but i take it from the
content that the only concern is about leaking the system's MAC
addresses via a generated UUID.
there are many other ways that a system can "leak" a MAC address,
including simply talking to other machines on the local network segment
(of course), and using standard IPv6 address allocation schemes (without
the "privacy extensions" -- see "privext" in interfaces(5) or read
http://tools.ietf.org/html/rfc4951).
While i think it would be great if someone wanted to make sure that the
default UUID generation in the toolchain we use doesn't leak the MAC
address, i don't think that's going to solve the "mac address leak"
problem. Seems like if you want to solve that problem at a deeper
level, you should regularly change the mac address of your machine.
Maybe the work that tails folks are doing would be useful here:
https://tails.boum.org/blueprint/macchanger/
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130721/f3a61f61/attachment.sig>
More information about the Freedombox-discuss
mailing list