Date: Tue, 19 Dec 2006 10:30:41 -0500
From: Mike Meyer <mwm-keyword-freebsdhackers2.e313df@mired.org>
To: Koen Martens <fbsd@metro.cx>
Cc: freebsd-hackers@freebsd.org
Subject: Re: unique hardware identification
Message-ID: <17800.1441.406848.339959@bhuda.mired.org>
In-Reply-To: <4587F6F1.1050000@metro.cx>
References: <4587F6F1.1050000@metro.cx>

In <4587F6F1.1050000@metro.cx>, Koen Martens <fbsd@metro.cx> typed:
> Hi All,
>
> I was wondering, if something like a unique hardware identification
> would be possible on FreeBSD.
>
> I'd like a machine to authenticate to a server, for which it will
> need a unique identification. Problem is, it should be generated
> automatically and not easy to fake / detect without already having
> root access to the box.

At this point, you've actually described two different things:
"identifying the hardware" and "identifying to the server". The latter
just takes a string of bits that only exist in the client, like ssh
keys. Looking into something like OpenVPN's various authentication
mechanisms should give you ideas on various ways to do this.

Identifying the hardware is a bit trickier, because you have to have a
policy about what to do in the face of hardware changes, which will
influence what goes into your signature. You suggested disk serial
numbers. Does adding a disk invalidate the hardware id? Does it matter
which disk you booted from if you've got two disks in the id? Etc.

At the extreme low end, you can use an ID from something that's
trivially replaceable, like an ethernet MAC. In the middle, you mix in
an id from every bit of kit that you don't want the user to be able to
change. At the extreme high end, you want to look into "Trusted
Computing", which is a technology designed to create a computer that
the content vendors will trust enough to put content on.

	<mike
-- 
Mike Meyer <mwm@mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17800.1441.406848.339959>
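
Added example, not part of the message above and not code from FreeBSD or any tool it names: one way to write down the "policy about hardware changes" the reply asks for, with some components pinned and the rest tolerated up to a threshold. The component kinds, IDs, salt, function names and the min_other threshold are all constructed assumptions; collecting the real IDs from a machine is left out.

```python
import hashlib

def digest(salt, kind, ident):
    # Salted per-component digest; the NUL byte keeps (kind, ident) unambiguous.
    return hashlib.sha256(salt + kind.encode() + b"\0" + ident.encode()).hexdigest()

def enroll(components, salt):
    # Unordered set of digests: disk order and boot disk do not affect the id.
    return frozenset(digest(salt, kind, ident) for kind, ident in components)

def verify(enrolled, pinned, current, salt, min_other):
    """Policy check (hypothetical): every pinned digest must still be present,
    and at least min_other of the remaining enrolled digests must survive.
    Components added since enrollment are ignored."""
    now = enroll(current, salt)
    if not pinned <= now:
        return False
    return len((enrolled - pinned) & now) >= min_other

# Constructed sample data; a real salt would be random and per machine.
SALT = b"constructed-salt"
BOARD = ("board", "CONSTRUCTED-UUID-0001")
DISK_A, DISK_B = ("disk", "SN-AAA111"), ("disk", "SN-BBB222")
DISK_NEW = ("disk", "SN-CCC333")
NIC, NIC_NEW = ("nic", "00:00:5e:00:53:01"), ("nic", "00:00:5e:00:53:02")
ENROLLED = enroll([BOARD, DISK_A, DISK_B, NIC], SALT)
PINNED = enroll([BOARD], SALT)  # the part the user must not be able to change

def check(current):
    return verify(ENROLLED, PINNED, current, SALT, min_other=2)

if __name__ == "__main__":
    cases = {
        "unchanged": [BOARD, DISK_A, DISK_B, NIC],
        "disk added": [BOARD, DISK_A, DISK_B, DISK_NEW, NIC],
        "NIC replaced": [BOARD, DISK_A, DISK_B, NIC_NEW],
        "NIC and one disk replaced": [BOARD, DISK_A, DISK_NEW, NIC_NEW],
        "board replaced": [("board", "CONSTRUCTED-UUID-0002"), DISK_A, DISK_B, NIC],
    }
    for name, current in cases.items():
        print(f"{name}: {'accept' if check(current) else 'reject'}")
```

Pinning only the NIC gives the "extreme low end" from the reply; pinning every component and setting min_other to the full count gives the strict middle case.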