[Freedombox-discuss] secure UUIDs
dr at jones.dk
Mon Jul 22 07:56:57 UTC 2013
Quoting Daniel Kahn Gillmor (2013-07-22 00:26:02)
> The subject of this thread is "secure UUIDs" -- but i take it from the
> content that the only concern is about leaking the system's MAC
> addresses via a generated UUID.
No, I suspect that "secure UUIDs" need care at more/different places
than frequently changing MAC address:
For someone interested in avoiding tracking, I assume it is important
that externally exposed UUIDs contain no device-specific parts.
We had a thread some time ago about quality of randomness and PRNGs.
The text I referenced also mentions that UUID generators vary in their
source and use of randomness. But perhaps I am mistaken and that only
affects risk of collision - that strong randomness only really affects
security when related to long-lasting key material (like initially
generating a PGP key or the private part for a cert)?
Also, it seemed that the Data::UUID implementation (i.e. the one not yet
in Debian) instead of MAC address uses a hash of other host-specific
data, which to me sounds like it is still usable to trach a device (and
Am Iperhaps silly here, that avoiding tracking implies avoiding UUIDs
altogether? Seems to me that e.g. torrents need to be uniquely
identifiable yet unable to identify its originating host!
(specifically, torrent tools probably take good care to avoid tracking -
mentioned just as a _kind_ of usecase involving both "universally unique
identifier" and need for tracking avoidance.)
> there are many other ways that a system can "leak" a MAC address,
> including simply talking to other machines on the local network
> segment (of course),
Yes. same-net devices need special concern, beyond what is needed for
communication with hosts on other networks (which is the main goal of
FreedomBox as I see it).
> and using standard IPv6 address allocation schemes (without the
> "privacy extensions" -- see "privext" in interfaces(5) or read
I have little knowledge (and no experience yet) with IPv6, but such
"privacy extensions" sounds pretty obviously something that FredomBox
would want always enabled when using IPv6.
> While i think it would be great if someone wanted to make sure that
> the default UUID generation in the toolchain we use doesn't leak the
> MAC address, i don't think that's going to solve the "mac address
> leak" problem. Seems like if you want to solve that problem at a
> deeper level, you should regularly change the mac address of your
> Maybe the work that tails folks are doing would be useful here:
For those caring about that, it probably is also of interest to check if
correct that Data::UUID uses _other_ device-specific data than MAC for
producing UUIDs - and if other UUID generators do similar.
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
More information about the Freedombox-discuss