[Opendnssec-develop] hsm-toolkit questions
jad at jadickinson.co.uk
Wed Mar 11 18:42:04 UTC 2009
On 11 Mar 2009, at 18:22, John Dickinson wrote:
> On 11 Mar 2009, at 18:15, Rick van Rein wrote:
>> There is no such thing as a random UUID; there are UUIDs (which are
>> part random) and, as a totally different thing, random numbers that
>> may or may not look alike.
> man uuid_generate
> " The uuid_generate_time function forces the use of the alternative
> algorithm which uses the current time and the local ethernet MAC
> address (if available). This algorithm used to be the default one
> used to generate UUID, but because of the use of the ethernet MAC
> address, it can leak information about when and where the UUID was
> generated. This can cause privacy problems in some applications, so
> the uuid_generate function only uses this algorithm if a high-quality
> source of randomness is not available.
Actually, let me be a bit more verbose.
1. You might want to read about the 5 versions of UUIDs mentioned in http://en.wikipedia.org/wiki/Universally_Unique_Identifier
(the URL already sent by Jakob.)
2. just in case you don't have a mac or linux the whole man page:
void uuid_generate(uuid_t out);
void uuid_generate_random(uuid_t out);
void uuid_generate_time(uuid_t out);
The uuid_generate function creates a new universally unique identifier
(UUID). The uuid will be generated based on high-quality randomness from
/dev/urandom, if available. If it is not available, then uuid_generate
will use an alternative algorithm which uses the current time, the local
ethernet MAC address (if available), and random data generated using a

The uuid_generate_random function forces the use of the all-random UUID
format, even if a high-quality random number generator (i.e.,
/dev/urandom) is not available, in which case a pseudo-random generator
will be substituted. Note that the use of a pseudo-random generator may
compromise the uniqueness of UUID's generated in this fashion.

The uuid_generate_time function forces the use of the alternative
algorithm which uses the current time and the local ethernet MAC address
(if available). This algorithm used to be the default one used to
generate UUID, but because of the use of the ethernet MAC address, it can
leak information about when and where the UUID was generated. This can
cause privacy problems in some applications, so the uuid_generate
function only uses this algorithm if a high-quality source of randomness
is not available.

The UUID is 16 bytes (128 bits) long, which gives approximately 3.4x10^38
unique values (there are approximately 10^80 elementary particles in the
universe according to Carl Sagan's Cosmos). The new UUID can reasonably
be considered unique among all UUIDs created on the local system, and
among UUIDs created on other systems in the past and in the future.

The newly created UUID is returned in the memory location pointed to by
out.
OSF DCE 1.1
Theodore Y. Ts'o
3. the mac uuid code on >=10.5 appears to be that from e2fsprogs
4. I agree there is little danger of leaking information - however, it
might be good practice to force the use of uuid_generate_random when
using the e2fsprogs uuid lib.
5. BTW - I do know what a UUID is :)
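
The difference between the time-based and all-random formats discussed in this message, as an added example that is not part of the original post or of the e2fsprogs library: a stand-alone C decoder that reads the version of a UUID and, for a time-based (version 1) UUID, recovers the node and creation-time fields the man page warns about. The function names and both sample UUIDs are constructed for illustration; the field offsets follow the standard UUID layout (RFC 4122).

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_EPOCH_OFFSET 0x01B21DD213814000ULL /* 100 ns ticks, 1582-10-15 to 1970-01-01 */

/* Parse the 36-character text form into u; returns the version, -1 if malformed. */
int uuid_version(const char *s, unsigned char u[16])
{
    if (strlen(s) != 36) return -1;
    for (int i = 0, n = 0; i < 36; i += 2) {
        if ((i == 8 || i == 13 || i == 18 || i == 23) && s[i++] != '-') return -1;
        if (!isxdigit((unsigned char)s[i]) || !isxdigit((unsigned char)s[i + 1])) return -1;
        sscanf(s + i, "%2hhx", &u[n++]);
    }
    return u[6] >> 4;
}

/* Creation time (Unix seconds) stored in a version 1 UUID; -1 for other versions. */
int64_t uuid_v1_time(const char *s)
{
    unsigned char u[16];
    if (uuid_version(s, u) != 1) return -1;
    uint64_t ticks = (uint64_t)(u[6] & 0x0F) << 56 | (uint64_t)u[7] << 48; /* time_hi  */
    ticks |= (uint64_t)u[4] << 40 | (uint64_t)u[5] << 32;                  /* time_mid */
    ticks |= (uint64_t)u[0] << 24 | u[1] << 16 | u[2] << 8 | u[3];         /* time_low */
    return (int64_t)(ticks - UUID_EPOCH_OFFSET) / 10000000;
}

/* Node field of a version 1 UUID (the MAC address when one was used); NULL otherwise. */
const char *uuid_v1_node(const char *s)
{
    static char node[18];
    unsigned char u[16];
    if (uuid_version(s, u) != 1) return NULL;
    snprintf(node, sizeof node, "%02x:%02x:%02x:%02x:%02x:%02x",
             u[10], u[11], u[12], u[13], u[14], u[15]);
    return node;
}

int main(void)
{
    /* Constructed samples: time-based (v1), then all-random (v4). */
    const char *v1 = "4f1c0a00-1dd2-11b2-8000-020000000001";
    const char *v4 = "9f1c2e4a-7b3d-4c5e-8a1b-0123456789ab";
    printf("v1 exposes node %s, Unix time %lld\n", uuid_v1_node(v1), (long long)uuid_v1_time(v1));
    printf("v4 has no time field: uuid_v1_time returns %lld\n", (long long)uuid_v1_time(v4));
    return 0;
}
```

A check of this kind over stored identifiers shows whether any were produced by the time-based fallback rather than the all-random format.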