Re: [systemd-devel] Secret machine-id for RFC 7217 stable addresses

[Damien Robert]

Tom Gundersen  wrote in message
:
> If I understand correctly, most of the point of RFC7217 is achieved
> even if the secret key is known. The important point is to have a good
> hashing function, and in that case knowing the secret key will not let
> you discover any of the other parameters (which are the ones you
> really want to hide).

Well if you know the secret key and the hash, you can do an exhaustive
search on the other parameters to recover them since they have low
entropy.

> Moreover, if the point is privacy, if an attacker has access (in some
> way) to the machine-id, there is no point in him going after the
> interface identifier as he can already identify the client.
> Given those two facts, might it not be sufficient to use the
> machine-id as the secret key after all?

It all depends on your model of security. You could imagine an attack where
an attacker known several machine-ids (for whatever reason, I can imagine
for instance a client downloading a vm preseeded with a machine-id). Then
when the client connects to the attacker, the attacker can try to hash all
his known machine-ids and the other low entropy parameters into the hash
function to get a match, in order to recover the machine-id and hence break
privacy.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Secret machine-id for RFC 7217 stable addresses

[Simon McVittie]

On 08/10/15 21:47, Tom Gundersen wrote:
> On Mon, Sep 7, 2015 at 7:49 PM, Lubomir Rintel  wrote:
>> This sounds a bit like machine-id, unfortunately given it's world
>> readable and available via DBus (and possibly on a network?) it
>> doesn'tseem to be secret enough.

For context, the D-Bus machine ID (on which the systemd machine ID was
based) was intended to be used somewhat like the hostname, except with
the expectation that it is actually unique (unlike hostnames, which are
user-meaningful and therefore somewhat likely to collide). For instance,
GNOME's displays control panel stores a separate monitor layout per
machine ID, so that each machine has its appropriate monitor layout even
if they NFS-share a home directory.

Like a hostname, the machine ID is not really meant to be secret; for
instance, I think it would be OK to use the machine ID as a fallback
hostname, which could result in it being sent over the network in DHCP
or mDNS packets.

> A priori, it would perhaps have been nice to consider the real
> machine-id on disk to be "secret", and only ever expose a hash of it

How secret is "secret" here? Readable by root only? Readable by root and
system users? Readable by all local users? If a system component like
systemd (or D-Bus for that matter) is going to provide this as a "system
API", then it needs to be well-defined.

From the D-Bus point of view, in new installations it seems fine to use
the hash of a random secret as a basis for the world-readable machine
ID. However, in existing installations that are upgraded, the old
machine ID should always be preserved.

S

-- 
Simon McVittie
Collabora Ltd. 

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Secret machine-id for RFC 7217 stable addresses

[Tom Gundersen]

Hi Lubomir,

Sorry not to have responded to this earlier, but as I was just
reminded of this, here are my take:

On Mon, Sep 7, 2015 at 7:49 PM, Lubomir Rintel  wrote:
> the RFC 7217 specifies an algorithm for generating an IPv6 host address
> that stays stable in a particular network but changes when the machine
> enters another network to prevent tracking [1]. It works by hashing a
> tuple of various parameters one of which is "secret_key" -- a secret
> value specific to a particular machine.
>
> [1] https://tools.ietf.org/html/rfc7217#section-5
>
> This sounds a bit like machine-id, unfortunately given it's world
> readable and available via DBus (and possibly on a network?) it doesn'tseem 
> to be secret enough.
>
> I'm wondering if it would make sense to reuse some of the tooling?
> Would it make sense to extend systemd-machine-id-setup(1) to generate
> one more identifier or maybe add another tool to set up the secret id?

A priori, it would perhaps have been nice to consider the real
machine-id on disk to be "secret", and only ever expose a hash of it,
but that ship has sailed I'm afraid. We could of course introduce a
second machine-id as you propose, but before doing that I'd like to
fully understand if that really solves the problem.

If I understand correctly, most of the point of RFC7217 is achieved
even if the secret key is known. The important point is to have a good
hashing function, and in that case knowing the secret key will not let
you discover any of the other parameters (which are the ones you
really want to hide).

Moreover, if the point is privacy, if an attacker has access (in some
way) to the machine-id, there is no point in him going after the
interface identifier as he can already identify the client.

Given those two facts, might it not be sufficient to use the
machine-id as the secret key after all? Or am I missing something?

Cheers,

Tom
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] Secret machine-id for RFC 7217 stable addresses

[Lubomir Rintel]

Hello,

the RFC 7217 specifies an algorithm for generating an IPv6 host address
that stays stable in a particular network but changes when the machine
enters another network to prevent tracking [1]. It works by hashing a
tuple of various parameters one of which is "secret_key" -- a secret
value specific to a particular machine.

[1] https://tools.ietf.org/html/rfc7217#section-5

This sounds a bit like machine-id, unfortunately given it's world
readable and available via DBus (and possibly on a network?) it doesn'tseem to 
be secret enough.

I'm wondering if it would make sense to reuse some of the tooling?
Would it make sense to extend systemd-machine-id-setup(1) to generate
one more identifier or maybe add another tool to set up the secret id?

Thoughts?

Thanks,
Lubo
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel