[Cryptography] Insufficient MAC randomization

Ryan Carboni ryacko at gmail.com
Mon Feb 12 14:22:04 EST 2018


MAC randomization for only probe requests is insufficient. MAC addresses
used for wireless communication should be the product of a hash of the SSID
and some secret value.
There is the risk that there is a collision of MAC addresses, but most
networks don't handle that many devices, and wifi MAC addresses in use
could be detected.

Although I wonder if that even matters.
https://en.wikipedia.org/wiki/Radio_fingerprinting


Ideally ethernet switches are abolished, and replaced with simple routers
that can assign up to 256 IP addresses, taken from a central DHCP server.
10.0.0.0/8 is enough for any network using NAT.
Makes VLANs easier to secure.
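
The per-network MAC derivation proposed above, as an added example that is not part of the original post. It assumes HMAC-SHA256 as the hash and a device-local random secret, uses hypothetical function names, forces the locally administered and unicast bits in the first octet, and estimates the collision risk the post mentions with a birthday bound.

```python
import hashlib
import hmac
import math


def per_network_mac(secret: bytes, ssid: bytes) -> str:
    """Derive a stable MAC for one SSID from a device-local secret.

    The same (secret, ssid) pair always yields the same address, so the
    network sees a consistent client, while different SSIDs see
    unrelated addresses.
    """
    if len(secret) < 16:
        raise ValueError("secret should be at least 128 bits")
    digest = hmac.new(secret, ssid, hashlib.sha256).digest()
    mac = bytearray(digest[:6])
    # Set the locally administered bit (0x02) and clear the
    # multicast bit (0x01), leaving 46 bits taken from the hash.
    mac[0] = (mac[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in mac)


def collision_probability(devices: int, free_bits: int = 46) -> float:
    """Birthday-bound estimate that any two of `devices` derived
    addresses on one network collide."""
    x = devices * (devices - 1) / (2 * 2 ** free_bits)
    return -math.expm1(-x)


if __name__ == "__main__":
    # Constructed sample secret and SSIDs, for illustration only.
    secret = bytes.fromhex("00112233445566778899aabbccddeeff")
    for ssid in (b"HomeNet", b"CoffeeShop", b"HomeNet"):
        print(ssid.decode(), per_network_mac(secret, ssid))
    print("P(collision) with 1000 devices:", collision_probability(1000))
```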