How easy is it for a GUID you generate to identify you?

Developer https://www.devze.com 2023-03-02 12:56 Source: Internet
I hear that the creator of the Melissa worm was convicted based on the fact that the GUIDs generated could be linked back to a MAC address of a computer he used.

How hard is it to do this? And what data do they need other than the GUID? Like the MAC address itself or the time it was created?


That relates to a specific version 1 UUID included in the Office document that contained the macro virus; this was because it came from UuidCreate/Sequential, which did contain MAC info:

For security reasons, UuidCreate was modified so that it no longer uses a machine's MAC address to generate UUIDs. UuidCreateSequential was introduced to allow creation of UUIDs using the MAC address of a machine's Ethernet card.


It depends on how and by what OS/library that GUID was generated. As for Windows and its standard UuidCreate() function:

The UuidCreate function generates a UUID that cannot be traced to the ethernet address of the computer on which it was generated. It also cannot be associated with other UUIDs created on the same computer.

Here: http://msdn.microsoft.com/en-us/library/aa379205(v=vs.85).aspx


Whether or not you can identify someone based on a UUID (GUID) depends entirely on the implementation.

RFC 4122 (the RFC for UUID) has three reference implementations (see http://www.ietf.org/rfc/rfc4122.txt), the first of which uses the MAC address in the unique node identifier, but the other two use random numbers instead. I've seen both in libraries, and sometimes libraries have a switch between these methods, so the only way to know for sure is to read the documentation/source for the specific library you use for UUID/GUID generation.

Usually the MAC address is hashed, so you could compare the original to the generated, but not decipher the original MAC address only from knowing the UUID. So far I have only seen UUID generators that don't hash the timestamp, so that is easier to find. There is a simple tool that can decode a UUID for you (see http://linux.die.net/man/1/uuid).

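The answers above turn on whether a GUID is an RFC 4122 version 1 value, which carries a node id and a timestamp, or a random one. This added example (not part of the original posts) uses Python's standard `uuid` module to report which of those fields a GUID exposes, so you can audit what your own generator emits; `inspect_guid` and the `SAMPLES` labels are names chosen here.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 timestamps count 100 ns ticks since 1582-10-15 (RFC 4122, section 4.1.4).
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def inspect_guid(text):
    """Return the identifying fields a GUID string exposes, if any."""
    u = uuid.UUID(text)
    info = {"version": u.version, "mac": None, "node_is_random": None,
            "created": None, "clock_seq": None}
    # Only RFC 4122 version 1 carries a node id and a timestamp.
    if u.variant != uuid.RFC_4122 or u.version != 1:
        return info
    info["mac"] = ":".join(f"{b:02x}" for b in u.node.to_bytes(6, "big"))
    # A set multicast bit in the first octet marks a randomly generated
    # node id (RFC 4122, section 4.5) rather than a network card address.
    info["node_is_random"] = bool((u.node >> 40) & 0x01)
    info["created"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    info["clock_seq"] = u.clock_seq
    return info


# Sample inputs. The first is the DNS namespace UUID printed in RFC 4122;
# the other two are constructed for this example.
SAMPLES = {
    "v1, multicast bit clear": "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
    "v1, multicast bit set": "6ba7b810-9dad-11d1-80b4-01c04fd430c8",
    "v4, random": "3f2b8c1e-4d5a-4e6f-8a7b-9c0d1e2f3a4b",
}

if __name__ == "__main__":
    for label, guid in SAMPLES.items():
        print(label, inspect_guid(guid))
```

If `version` comes back as 1 with `node_is_random` false for GUIDs your software writes into documents or logs, switching to a version 4 generator removes both the node id and the creation time from the output.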