Date: Tue, 27 Jan 2026 22:08:14 +0100
From: "Patrick M. Hausen" <pmh@hausen.com>
To: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Cc: freebsd-current@freebsd.org
Subject: Re: we should enable RFC7217 by default
Message-ID: <45359118-7492-457D-A9A0-CFA37EBA125B@hausen.com>
In-Reply-To: <B32765C1-568D-4104-908A-0BFD70CB1CD8@hausen.com>
References: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> <aecexj2ljvrt343rqcywqvfy7mbr7vqppiklxqbs6bcrhvm3l7@f4uatudmhcku> <0f5fcd3d-b189-49f5-ac81-d4fb48d90a77@FreeBSD.org> <n7aw5afsi5nclf5z4p4txyh2ixrsik2ludwcbrhmszce2ohzlf@ngx6ukw2il7t> <f02cc984-c41e-4ed9-b3b0-6037e4104091@FreeBSD.org> <blfdmylxcqo5velvfztcsv6ap6eccvfrb5jh7ojgegrhbaodo7@aodorlp357k6> <39a63487-ee9a-4792-a787-d476ae6f6a0c@plan-b.pwste.edu.pl> <B32765C1-568D-4104-908A-0BFD70CB1CD8@hausen.com>

Hi!

> On 27.01.2026 at 21:55, Patrick M. Hausen <pmh@hausen.com> wrote:
>
> Hi all,
>
> On 27.01.2026 at 21:46, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
>
>> To narrow the impact, I suggest switching to the MAC address as the default key source instead of the interface name.
>
> If I read the relevant RFC correctly the main argument for stable addresses in contrast to
> traditional EUI-64 is the narrowing of the search space in sweep scan attacks.
> Because the OUIs which make up half of the order of magnitude are well known.
>
> Isn't that the case, too, if we start with the MAC address and the hash algorithm
> by which the final address is generated is public?

I was probably jumping to conclusions too quickly - interface names are also quite predictable.
So what kind of "real entropy" is intended to bring into the hash? Host UUID probably?

Kind regards,
Patrick
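
The address construction under discussion, as an added example that is not part of this message or of FreeBSD's code: RFC 7217 defines the identifier as RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), so the per-host `secret_key` is an input alongside the MAC address or interface name. Using SHA-256 as F, the length-prefixed field encoding, and the sample MAC, prefixes and keys are assumptions constructed for illustration.

```python
import hashlib
import ipaddress

def eui64_iid(mac: bytes) -> bytes:
    """Modified EUI-64 IID (RFC 4291, Appendix A): the OUI stays readable."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]

def rfc7217_iid(prefix: bytes, net_iface: bytes, network_id: bytes,
                dad_counter: int, secret_key: bytes) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    F is SHA-256 here (assumption). Each field is length-prefixed so two
    different parameter sets never serialize to the same byte string."""
    h = hashlib.sha256()
    for field in (prefix, net_iface, network_id,
                  dad_counter.to_bytes(4, "big"), secret_key):
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()[-8:]  # RFC 7217: take the least significant 64 bits

def address(prefix64: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix64)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

# Constructed sample values (documentation MAC and prefix ranges).
MAC = bytes.fromhex("00005e005301")
PREFIX_A, PREFIX_B = "2001:db8:1::/64", "2001:db8:2::/64"
KEY_HOST1, KEY_HOST2 = b"\x11" * 16, b"\x22" * 16  # per-host secrets

def stable(prefix64: str, net_iface: bytes, key: bytes) -> ipaddress.IPv6Address:
    packed_prefix = ipaddress.IPv6Network(prefix64).network_address.packed[:8]
    return address(prefix64, rfc7217_iid(packed_prefix, net_iface, b"", 0, key))

if __name__ == "__main__":
    print("EUI-64          ", address(PREFIX_A, eui64_iid(MAC)))
    print("7217 MAC, host 1", stable(PREFIX_A, MAC, KEY_HOST1))
    print("7217 MAC, host 2", stable(PREFIX_A, MAC, KEY_HOST2))
    print("7217 MAC, net B ", stable(PREFIX_B, MAC, KEY_HOST1))
    print("7217 name       ", stable(PREFIX_A, b"em0", KEY_HOST1))
```

With the same MAC and the same public function, the two hosts' identifiers differ only because their secrets differ, and the same host gets a different identifier on each prefix.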
