Hi! > Am 27.01.2026 um 21:55 schrieb Patrick M. Hausen <[email protected]>: > > HI all, > > Am 27.01.2026 um 21:46 schrieb Marek Zarychta <[email protected]>: > >> To narrow the impact, I suggest switching to the MAC address as the default >> key source instead of the interface name. > > If I read the relevant RFC correctly the main argument for stable addresses > in contrast to > traditional EUI-64 is the narrowing of the search space in sweep scan attacks. > Because the OUIs which make up half of the order of magnitude are well known. > > Isn't that the case, too, if we start with the MAC address and the hash > algorithm > by which the final address is generated is public?
I was probably jumping to conclusions to quickly - interface names are also quite predictable. So what kind of "real entropy" is intended to bring into the hash? Host UUID probably? Kind regards, Patrick
