[Freedombox-discuss] secure UUIDs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Jul 21 22:26:02 UTC 2013

Hi Jonas--

On 07/20/2013 02:38 PM, Jonas Smedegaard wrote:

> I do understand that use of MAC addresses is part of the RFC standard 
> and is legal to circumvent.  My concern here is that it sounds like the 
> quite common libuuid may leak MAC address by _default_ i.e. need special 
> care at each use that may later be exposed to external hosts.

The subject of this thread is "secure UUIDs" -- but i take it from the
content that the only concern is about leaking the system's MAC
addresses via a generated UUID.

there are many other ways that a system can "leak" a MAC address,
including simply talking to other machines on the local network segment
(of course), and using standard IPv6 address allocation schemes (without
the "privacy extensions" -- see "privext" in interfaces(5) or read

While i think it would be great if someone wanted to make sure that the
default UUID generation in the toolchain we use doesn't leak the MAC
address, i don't think that's going to solve the "mac address leak"
problem.  Seems like if you want to solve that problem at a deeper
level, you should regularly change the mac address of your machine.

Maybe the work that tails folks are doing would be useful here:



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130721/f3a61f61/attachment.sig>

More information about the Freedombox-discuss mailing list