Hi fellow FreedomBox developers,

I just stumbled upon the following potentially interesting for someone here to investigate further:

Perl module [Data::UUID::MT] includes in its documentation a comparison between Perl-based UUID generators, including weak uses of random data and details like "For libuuid based modules, Version 1 UUIDs will include the actual MAC address, if available".

[Data::UUID::MT]: https://metacpan.org/module/Data::UUID::MT

Perhaps an interesting task to investigate...:

* Is that documentation accurate and up-to-date?
* How do non-Perl UUID generators compare (e.g. libuuid bindings)?

I do understand that use of MAC addresses is part of the RFC standard and is legal to circumvent. My concern here is that it sounds like the quite common libuuid may leak MAC address by _default_ i.e. need special care at each use that may later be exposed to external hosts.

Cc'ing Daniel explicitly as he has requested in the past to be nudged gently regarding security-related issues :-)

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
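An added example, not part of the original message: a Python check that scans text for UUIDs and reports whether a version 1 UUID carries what looks like a hardware MAC address in its node field. It relies on the RFC 4122 convention that a randomly generated node has the multicast bit set; the log lines, the `classify` and `scan` names and the verdict strings are constructed for illustration.

```python
import re
import uuid

UUID_RE = re.compile(
    r"\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b", re.I
)

# Constructed sample input: URLs exposing identifiers to external hosts.
SAMPLE_LOG = """\
GET /share/2d1f3a80-5c11-11ee-8c99-001b21a3c4d5 200
GET /share/2d1f3a80-5c11-11ee-8c99-0242ac120002 200
GET /share/2d1f3a80-5c11-11ee-8c99-01a3b5c7d9e1 200
GET /share/f47ac10b-58cc-4372-a567-0e02b2c3d479 200
"""


def classify(u):
    """Return (version, node as MAC string or None, verdict) for one UUID."""
    if u.variant != uuid.RFC_4122 or u.version != 1:
        return u.version, None, "not version 1"
    octets = u.node.to_bytes(6, "big")
    mac = ":".join(f"{b:02x}" for b in octets)
    if octets[0] & 0x01:
        # RFC 4122 section 4.5: a random node ID sets the multicast bit,
        # so it can never collide with a real interface address.
        verdict = "random node"
    elif octets[0] & 0x02:
        # Locally administered: assigned in software, not burned into hardware.
        verdict = "locally administered address"
    else:
        verdict = "likely hardware MAC"
    return u.version, mac, verdict


def scan(text):
    """Find every UUID in text and classify its node field."""
    return [
        (m.group(0).lower(),) + classify(uuid.UUID(m.group(0)))
        for m in UUID_RE.finditer(text)
    ]


if __name__ == "__main__":
    for value, version, mac, verdict in scan(SAMPLE_LOG):
        print(f"{value}  v{version}  node={mac}  {verdict}")
```
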
