[118786] in Cypherpunks
RE: Privacy leak in IPV6?
daemon@ATHENA.MIT.EDU (Lucky Green)
Thu Oct 7 22:53:34 1999
From: "Lucky Green" <shamrock@cypherpunks.to>
To: "Greg Broiles" <gbroiles@netbox.com>, <cypherpunks@cyberpass.net>
Date: Thu, 7 Oct 1999 19:32:49 -0700
Message-ID: <NDBBIFGOKODBCKDGJDKLAEDDCJAA.shamrock@cypherpunks.to>
In-Reply-To: <19991007160957.B27117@ideath.parrhesia.com>
Reply-To: "Lucky Green" <shamrock@cypherpunks.to>

Greg wrote:
> Bill Frezza, in an article at
> <http://www.techweb.com/se/directlink.cgi?INW19991004S0052>, points out
> that IPv6 apparently includes the hardware ethernet address in the IPv6
> network address of network clients, and that this has privacy
> implications heretofore undiscussed.
>
> Comments?

Having read the article by Frezza, I can't help but wonder if the gentleman
has spent much time researching the history and challenges faced by the
Internet Protocol (IP). Not to mention looking at IPv6...

To allow for trivial automatic plug-and-play IP address configuration, the
IPv6 designers took the logical and reasonable step of recommending the
lower 64 bits of an IPv6 address be set to the MAC address of the Ethernet
card (if present). Doing so does, however, leak information about the
manufacturer of the card.

The IPv6 user has four obvious choices:

o not worry about the fact that anybody can tell who made your network card
and thus potentially determine if a certain machine is a laptop or desktop
or whichever hardware exploits relevant for the card to employ.
o change the MAC address of the card. All Ethernet adapters that I am aware
of support this feature.
o not use Ethernet.
o convince their IPv6 implementation to use some other lower 64 bits than
those of the Ethernet card. This is trivial under Unix. I don't know if the
Windows IPv6 stacks support this feature, but that would be easy to test by
obtaining a Windows NT box and the various Windows IPv6 stacks. I greatly
suspect all IPv6 stacks allow for manual IP number configuration, if one
doesn't like the defaults.

Remember, under IPv6 *everybody* that as much as requests a single IP number
gets at least 80 bits of address space. You, me, MCI, my pet canary. No
questions asked. Thanks to IPv6, it is as simple as "I want 80 bits of IP
address space all for myself". "Here are your 80 bits".

There is no chance of an IP address collision should you accidentally choose
the same 64 bit MAC address as somebody else on the Net. A full 16 bits
would still be different.

For more (real) information about IPv6, see http://www.ipv6.org and
http://www.6bone.net

If you too would like to get 80 bits of address space all for yourself free
of charge, make sure to bug your provider to start routing IPv6. I'd start
bugging tomorrow morning. Or better yet, start tonight.

--Lucky
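
An added example, not part of the original message: a Python check that shows how a MAC-derived interface identifier is formed (the modified EUI-64 mapping of RFC 4291, Appendix A) and how an administrator can audit addresses for a recoverable MAC and manufacturer prefix. The function names, the documentation prefix 2001:db8:1:2::/64 and both sample addresses are constructed for illustration.

```python
import ipaddress

def mac_to_interface_id(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64 interface identifier (RFC 4291, App. A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between OUI and device part.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def autoconf_address(prefix: str, mac: str) -> str:
    """Address a host forms by appending the MAC-derived identifier to a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration uses a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

def embedded_mac(addr: str):
    """Return (mac, oui) if the lower 64 bits look MAC-derived, else None.

    Heuristic: a randomly chosen identifier contains ff:fe at this position
    with probability 2**-16, so a hit is strong evidence, not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    mac = ":".join(f"{b:02x}" for b in raw)
    return mac, mac[:8]  # first three octets identify the manufacturer

def audit(addresses):
    """Map each address to the MAC it discloses (None if none is recoverable)."""
    return {a: embedded_mac(a) for a in addresses}

if __name__ == "__main__":
    # Constructed sample: documentation prefix and documentation-range MAC.
    leaky = autoconf_address("2001:db8:1:2::/64", "00:00:5e:00:53:2a")
    manual = "2001:db8:1:2:3c4d:9a1b:77e0:1f52"  # constructed, manually chosen bits
    for addr, found in audit([leaky, manual]).items():
        print(addr, "->", found or "no MAC recoverable")
```

Running the audit over a host's configured addresses shows which ones still carry the hardware identifier and which use manually chosen lower bits.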