[systemd-devel] Secret machine-id for RFC 7217 stable addresses

Damien Robert damien.olivier.robert+gmane at gmail.com
Fri Oct 9 02:11:54 PDT 2015


Tom Gundersen wrote in message
<CAG-2HqVCVQFPgQeAAGxbp0ZTC+30dFD_Lc5+sHWnhObMsX8GpQ at mail.gmail.com>:
> If I understand correctly, most of the point of RFC7217 is achieved
> even if the secret key is known. The important point is to have a good
> hashing function, and in that case knowing the secret key will not let
> you discover any of the other parameters (which are the ones you
> really want to hide).

Well, if you know the secret key and the hash, you can do an exhaustive
search on the other parameters to recover them, since they have low
entropy.

> Moreover, if the point is privacy, if an attacker has access (in some
> way) to the machine-id, there is no point in him going after the
> interface identifier as he can already identify the client.
> Given those two facts, might it not be sufficient to use the
> machine-id as the secret key after all?

It all depends on your model of security. You could imagine an attack where
an attacker knows several machine-ids (for whatever reason, I can imagine
for instance a client downloading a VM preseeded with a machine-id). Then
when the client connects to the attacker, the attacker can try to hash all
his known machine-ids and the other low entropy parameters into the hash
function to get a match, in order to recover the machine-id and hence break
privacy.
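
The linkability argument in this message, as an added example that is not part of the original post and not systemd code: it derives an RFC 7217 address once with a published machine-id as secret key and once with an independent random key, then checks which of the two can be tied back to a list of known machine-ids. Assumptions: F is SHA-256 over length-prefixed fields (the RFC leaves F open), and the function names, prefix, interface names, network IDs and machine-ids are all constructed for illustration.

```python
import hashlib
import ipaddress
import itertools
import secrets

def stable_address(prefix, net_iface, network_id, dad_counter, secret_key):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), RFC 7217.
    Assumption: F is SHA-256 over length-prefixed fields; the RFC leaves F open."""
    h = hashlib.sha256()
    fields = (prefix.network_address.packed, net_iface.encode(),
              network_id.encode(), bytes([dad_counter]), secret_key)
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)
    iid = int.from_bytes(h.digest()[:8], "big")  # 64-bit interface identifier
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)

def linkable_key(observed, known_keys, ifaces, network_ids, max_dad=3):
    """Return the (key, iface, network_id, dad) that reproduces `observed`, or None.
    Search space: len(known_keys) * len(ifaces) * len(network_ids) * (max_dad + 1)."""
    prefix = ipaddress.IPv6Network(f"{observed}/64", strict=False)
    for guess in itertools.product(known_keys, ifaces, network_ids, range(max_dad + 1)):
        key, iface, net_id, dad = guess
        if stable_address(prefix, iface, net_id, dad, key) == observed:
            return guess
    return None

# Constructed sample values (not from the thread).
PREFIX = ipaddress.IPv6Network("2001:db8:1::/64")
IMAGE_MACHINE_ID = bytes.fromhex("0123456789abcdef0123456789abcdef")  # shipped in a VM image
KNOWN_IDS = [bytes([i]) * 16 for i in range(50)] + [IMAGE_MACHINE_ID]
IFACES = ["eth0", "eth1", "ens3", "enp0s3", "wlan0"]
NETWORK_IDS = ["", "home-wifi", "office"]

def demo():
    # Case 1: the published machine-id doubles as the RFC 7217 secret key.
    weak = stable_address(PREFIX, "ens3", "", 0, IMAGE_MACHINE_ID)
    # Case 2: the secret key is independent random data generated on first boot.
    strong = stable_address(PREFIX, "ens3", "", 0, secrets.token_bytes(16))
    return (linkable_key(weak, KNOWN_IDS, IFACES, NETWORK_IDS),
            linkable_key(strong, KNOWN_IDS, IFACES, NETWORK_IDS))

if __name__ == "__main__":
    hit, miss = demo()
    print("machine-id as key :", hit)
    print("random key        :", miss)
```

The first address is reproduced after a few thousand hash evaluations at most, while the second stays unlinkable because its 128-bit key is not in any candidate list.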
