Re: [RFC][PATCH] Make cryptoapi non-optional?

From: Jamie Lokier
Date: Mon Aug 18 2003 - 12:59:34 EST

Next message: Alessandro Salvatori: "cannot stat hidden windows files in a cdrom..."
Previous message: Tom Rini: "Re: [PATCH] mark devfs obsolete"
In reply to: David Lang: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Next in thread: David Wagner: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Lang wrote:
> if you care about global uniqueness then you add in config values that the
> sysasmin sets to make it unique (could be MAC address, IP address, machine
> name, GPS coordinates, etc)

Even a good sysadmin cannot guarantee the MAC address is unique, IP
addresses are often duplicates (e.g. 192.168.1.x) unless you know they
aren't), and the machine name is likely to conflict with someone
else's in the world, but these are all good inputs to include.

> the only reason to add in a random value is if you are trying to protect
> yourself from a malicious sysadmin and there are security problems that
> will arise for other machines if a sysadmin can duplicate this ID.

Not just malicious sysadmins, but accidental conflicts due to
e.g. trusting your MAC address to be unique in the world, too.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alessandro Salvatori: "cannot stat hidden windows files in a cdrom..."
Previous message: Tom Rini: "Re: [PATCH] mark devfs obsolete"
In reply to: David Lang: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Next in thread: David Wagner: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]