[Opendnssec-develop] hsm-toolkit questions
Rick van Rein
rick at openfortress.nl
Wed Mar 11 18:15:11 UTC 2009
A formal remark, and a practical one:
> Do we care which algorithm/version is used to generate the uuid?
The idea of a UUID is that it is globally unique, by taking into
account some system-specifics, something time-specific and something
random and hashing it all into a nice, fixed-size string.
> If it is time then it could leak some information about key generation
> time and MAC address of the machine used. Not that this uuid will ever
> be made public. With at least one lib we can force a fully random uuid.
There is no such thing as a random UUID; there are UUIDs (which are in
part random) and, as a totally different thing, random numbers that
may or may not look alike.
I see no danger in "leaking" the generation time, because an HSM uses
a strong source of random numbers, instead of srand(time()).
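
The concern in the quoted question, made concrete as an added example (not part of the original message or of OpenDNSSEC's code): decoding the RFC 4122 fields of a version-1 UUID recovers the generation time and node identifier, while a version-4 value carries no such fields. The sample time and node are constructed, and `make_v1` and `describe_uuid` are hypothetical helper names.

```python
import uuid
from datetime import datetime, timedelta, timezone

# RFC 4122 timestamps count 100 ns ticks since the Gregorian reform date.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def make_v1(when, node, clock_seq=0):
    """Build a version-1 UUID for a fixed time and node (hypothetical helper)."""
    ticks = ((when - GREGORIAN_EPOCH) // timedelta(microseconds=1)) * 10
    return uuid.UUID(fields=(
        ticks & 0xFFFFFFFF,                 # time_low
        (ticks >> 32) & 0xFFFF,             # time_mid
        ((ticks >> 48) & 0x0FFF) | 0x1000,  # time_hi + version 1
        ((clock_seq >> 8) & 0x3F) | 0x80,   # clock_seq_hi + RFC 4122 variant
        clock_seq & 0xFF,                   # clock_seq_low
        node,                               # 48-bit node identifier
    ))


def describe_uuid(text):
    """Return the metadata a UUID string exposes (hypothetical helper)."""
    u = uuid.UUID(text)
    info = {"version": u.version}
    if u.version == 1:
        info["generated_at"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
        info["node"] = ":".join(f"{(u.node >> s) & 0xFF:02x}" for s in range(40, -8, -8))
        # A set multicast bit in the first octet marks a random node value
        # rather than a network interface address.
        info["node_is_hardware_address"] = ((u.node >> 40) & 0x01) == 0
    return info


# Constructed sample values: a fixed time and a documentation-range MAC address.
SAMPLE_TIME = datetime(2009, 3, 11, 18, 15, 11, tzinfo=timezone.utc)
SAMPLE_NODE = 0x00005E00532A
SAMPLE_V1 = str(make_v1(SAMPLE_TIME, SAMPLE_NODE))
# Constructed version-4 value: fixed bytes with the version/variant bits forced.
SAMPLE_V4 = str(uuid.UUID(bytes=bytes(range(16)), version=4))

if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V4):
        print(sample, describe_uuid(sample))
```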