On linux, a machine comes with a machine_id.
From the man page, it is said to be considered as "confidential" and must not be exposed to unstrusted parties.
Should the boot_id (from /proc/sys/kernel/random/boot_id) also be considered "confidential" ?
I am using the first 6 hex number of the boot_id (so not the whole of it) as a way to know if the webserver has rebooted (or not), and displaying it on the main page. This is not however a public server. You need to log in.
There is nothing unique to that ID which would make it any more confidential than any other randomly-generated boot identifier. That is to say, if you use it in a way that turns it into sensitive material, then exposing it is of course a bad idea. If all you're using it for is checking if the machine has rebooted, then there's no reason it needs to be secret. It is generated by the kernel completely randomly.
From lib/uuid.c in the Linux kernel, the following function is used to obtain random UUIDs:
void generate_random_uuid(unsigned char uuid[16])
{
get_random_bytes(uuid, 16);
/* Set UUID version to 4 --- truly random generation */
uuid[6] = (uuid[6] & 0x0F) | 0x40;
/* Set the UUID variant to DCE */
uuid[8] = (uuid[8] & 0x3F) | 0x80;
}
EXPORT_SYMBOL(generate_random_uuid);
The kernel uses this function to generate a random UUID the first time kernel.random.boot_id is read and saves the result, returning it for any subsequent reads for the duration the system is up.
