The Tails documentation about MAC addresses talks about the "first six bytes" and the "last six bytes", but MAC addresses are six bytes total, and the OUI and NIC parts are actually three bytes each.
This should be fixed by saying "six nybbles", "six hex characters", or "three bytes". I've opted for the latter, as I think it's more widely understood. --- wiki/src/contribute/design/MAC_address.mdwn | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wiki/src/contribute/design/MAC_address.mdwn b/wiki/src/contribute/design/MAC_address.mdwn index 43733e6..314bdac 100644 --- a/wiki/src/contribute/design/MAC_address.mdwn +++ b/wiki/src/contribute/design/MAC_address.mdwn @@ -297,7 +297,7 @@ NetworkManager when MAC spoofing is enabled: [[!tails_ticket 6453]]. [[Limitation: Only spoof the NIC part of the MAC address|MAC_address#limitation-only-spoof-nic-part]] section below.** -The first six bytes of a MAC address determine the Organizationally Unique Identifier +The first three bytes of a MAC address determine the Organizationally Unique Identifier (OUI) which in practice determines the chipset's manufacturer, who generally owns several OUIs. Spoofing the OUI part in a way that satisfies our threat model is not straightforward because of @@ -333,7 +333,7 @@ common, consumer oriented hardware. ## Spoofing the NIC part of the MAC address -The last six bytes of the MAC address are meant to distinguish +The last three bytes of the MAC address are meant to distinguish individual devices among those with the same OUI. These should simply be selected at random, with the exception that we never allow it to stay the same, even if done in a fair, random way. Theoretically @@ -345,7 +345,7 @@ much worse. # Implementation The current implementation leaves the OUI part unchanged, and only spoofs the -last six bytes of any network device's MAC address immediately after +last three bytes of any network device's MAC address immediately after it is added by udev. Furthermore, to deal with potential network leaks before the user has chosen whether to enable MAC spoofing or not, the addition of network devices is delayed until after Tails Greeter knows 
@@ -475,7 +475,7 @@ well-understood. This is probably the main blocker for Tails to switch to `macchiato` and dare saying we satisfy the "Spoofing the OUI part of the MAC address" requirement from above. -What remains is to only spoof the latter six bytes, the NIC part. We +What remains is to only spoof the latter three bytes, the NIC part. We know it isn't a perfect strategy. The more uncommon the OUI of a user's device is, the more it can be used for tracking the user, i.e. the more it violates the `AvoidTracking` user goal. At least this -- 2.1.4
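Review bot: in the @@ -333 hunk, the context sentence right after the changed line still reads "with the exception that we never allow it to stay the same", and "it" has no singular antecedent once the subject is "the last three bytes". Since this paragraph is being corrected anyway, consider "never allow them to stay the same" or "never allow the NIC part to stay the same".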
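Review bot: the changed line in the @@ -475 hunk keeps "the latter three bytes", while the @@ -333 and @@ -345 hunks say "the last three bytes" for the same NIC part. Suggest "What remains is to only spoof the last three bytes, the NIC part." so the document uses one wording throughout.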
