User: Password:
Subscribe / Log in / New account

MAC address as random input?

MAC address as random input?

Posted Jul 21, 2012 22:42 UTC (Sat) by Max.Hyre (guest, #1054)
Parent article: Random numbers for embedded devices

This may just exemplify a little learning being a dangerous thing, but doesn't IPv6 put the MAC address in the packet header? If so, ungood.

(Log in to post comments)

MAC address as random input?

Posted Jul 23, 2012 19:14 UTC (Mon) by BenHutchings (subscriber, #37955) [Link]

By default, the local part of the IPv6 address is the MAC address with 16 constant bits in the middle. There is an option to use 'privacy extensions' which means the local part is randomised (sysctl net.ipv6.conf.all.use_tempaddr; Documentation/networking/ip-sysctl.txt).

MAC address as random input?

Posted Jul 25, 2012 18:45 UTC (Wed) by kleptog (subscriber, #1183) [Link]

Note that the default varies by implementation. Various versions of windows default to privacy extensions.

Privacy extensions means your IP changes regularly, usually once a day. For servers you don't want that, but for client PCs the tradeoff is different. If it bugs you you can set the IP address yourself.

Note the link-local address always includes your MAC address, but that address never leaves the LAN, and everyone on your LAN needs your MAC address anyway to talk to you.

MAC address as random input?

Posted Jul 26, 2012 12:18 UTC (Thu) by farnz (subscriber, #17727) [Link]

More accurately, it adds an extra IP that changes regularly; you still have the permanent IP that you would have if you didn't enable privacy extensions, but you also have a temporary IP that changes, and that is used in preference to your permanent IP for outgoing connections.

The idea is that if you give me your permanent IP, I can connect to you. If you don't, the only IP of yours I know about is your temporary IP, which changes regularly - so while it's fine for the duration of communication you initiated, it's not useful in a few days time.

MAC address as random input?

Posted Jul 25, 2012 21:37 UTC (Wed) by pjm (subscriber, #2080) [Link]

Another thing to note is that it doesn't hurt to add lots of attacker-known data to the pool, so long as there's at least k bits of attacker-unknown data also in the pool. So using the MAC address by default is fine if there are some systems where attackers don't trivially know the value.

MAC address as random input?

Posted Jul 26, 2012 8:01 UTC (Thu) by nix (subscriber, #2304) [Link]

Quite. This is one reason why the BSDs et al don't bother with an entropy estimate: as long as there's *some* entropy, you're fine, and if it's wrong, you're very much not fine.

(I like the entropy estimator for a much more selfish reason: collecting randomness from some sources can be quite expensive, and we can use the entropy estimator as a high-water-mark to indicate that there's no point whatsoever providing more randomness because nobody's read much since we last shoved a bunch in. We could do much the same thing with a simple counter of "bytes read from /dev/*random by other users since last entropy fed in by a /dev/random writer", but that leaks information about those other users and might be considered ugly. The BSDs don't have a counter like this, and it makes the ekeyd ridiculously costly on those platforms because it has to pull entropy from the key and remix it for /dev/random all the time, even if the system is otherwise totally idle.)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds