[Opendnssec-develop] hsm-toolkit questions

Rick van Rein rick at openfortress.nl
Wed Mar 11 18:15:11 UTC 2009


A formal remark, and a practical one:

> Do we care which algorithm/version is used to generate the uuid?

The idea of a UUID is that it is globally unique, by taking into
account some system-specifics, something time-specific and something
random and hashing it all into a nice, fixed-size string.

> If it  
> is time then it could leak some information about key generation time  
> and mac address of the machine used. Not that this uuid will ever be  
> made public. With at least one lib we can force a fully random uuid.

There is no such thing as a random UUID; there are UUIDs (which are in
part random) and, as a totally different thing, random numbers that
may or may not look alike.

I see no danger in "leaking" the generation time, because an HSM uses
a strong source of random numbers, instead of srand(time()).


More information about the Opendnssec-develop mailing list