1

I'm considering an environment in which I will have to identify a computer.

In this scenario all hardware parts (CPU, HDDs, RAM, etc) won't change, while I'd like to consider a changing OS.

The goal is not to have to rely on any additional software or hardware other than the computer I want to identify and the plug-in software (like an executable on a USB key).

The goal is to have a unique identifier of the computer that isn't easily guessed and ideally can be manipulated to obtain an identifier with entropy high enough to be used to encrypt a message.

I can't find a better solution than obtaining the UUID of the computer and hashing it.

I would obtain the UUID in Python in this way:

```python
import uuid

# 48-bit node value as an integer (normally a MAC address)
print(uuid.getnode())
```

I was hoping there would be a better way to identify a computer.

kknickkk
  • 1
    Random and unique? You have a rather unusual choice of words there. Furthermore, "the UUID" of a machine does not exist. A simple device like a mouse may lack uniqueness altogether. A complex device like a PC has multiple unique parts, and these may even change somewhat dynamically (laptop/docking station). – MSalters Sep 17 '19 at 14:27
  • You're right, I will rephrase: more than random, I'd need something with a high entropy or anyway hard to guess or replicate. Regarding the UUID, that's the point I'm not sure about – kknickkk Sep 17 '19 at 14:32
  • 1
    You had me until you want this as a default key instead of an identifier. It seems like you have an X/Y problem. You can solve the key problem without the "static id with high-enough entropy". – schroeder Sep 17 '19 at 14:37
  • 2
    If it's fully random, it is indeed hard to replicate. But then it doesn't identify the hardware anymore. The two concerns are fundamentally at odds. To identify hardware, the process must be fully replicatable. – MSalters Sep 17 '19 at 14:38
  • What of the computer do you want to ID? What changes to the hardware would you accept? What if the OS changes? The HD? The CPU? How much would have to survive for you to still see it as a valid ID for the device? – schroeder Sep 17 '19 at 14:39
  • Mind you, if you've got full control over the hardware specification, then this is fairly easy. But if it's just "any device that's capable of running software", then you have to consider Virtual Machines as well. From an application perspective (such as Python), all hardware is an illusion. – MSalters Sep 17 '19 at 14:42
  • @schroeder I can circumvent the entropy problem by hashing the ID, I believe. In my scenario I won't consider any modification of the hardware (HDD, CPU, RAM ...); regarding the OS, I'd like to have the ID independent from it. – kknickkk Sep 17 '19 at 14:44
  • @MSalters, let's say I have full hardware specification, what could I do? – kknickkk Sep 17 '19 at 14:47
  • 3
    @kknickkk: *"...I can circumvent the entropy problem hashing the ID..."* - hashing is deterministic. It does not "generate" entropy. – Steffen Ullrich Sep 17 '19 at 14:52
  • @kknickkk: Chances are that the CPU itself contains a unique ID. And if you're in control of the hardware specification, you specify a CPU that has such an ID. – MSalters Sep 17 '19 at 15:07
  • @MSalters, I'm not finding what I thought I would, on my unix machine `cpuid | grep -i serial` yields only this repeated line: `processor serial number: 0008-06EB-0000-0000-0000-0000` – kknickkk Sep 17 '19 at 15:25
  • @kknickkk: `cat /proc/cpuinfo | fgrep Serial` gives me `Serial : 24005035c61c20360c0e`. Linux, ARMv7 rev 5 (sun8i). More serial numbers? `dmidecode | fgrep Serial` gives a dozen. – MSalters Sep 17 '19 at 15:34
  • UUID of the computer doesn't exist but certain pieces of hardware have unique identifiers such as the CPU and any network cards. If you want a repeatable seed for running experiments then set it manually and use various options available that have a high degree of entropy such as mouse movement. – LTPCGO Sep 17 '19 at 17:57
  • Note that any command you run to get any type of hardware id can be patched, so there isn't much guarantee that your code is running on the "original" hardware. If all you want to do is encrypt a message, why can't you have the machine generate their own private key (signed by a certificate you control)? No raw id is likely to be unguessable enough, and hashing is unlikely to help (so you'd likely need a fully random key at that point anyways). – Clockwork-Muse Sep 17 '19 at 18:36

1 Answer

2

`uuid.getnode()` in Python returns the MAC address of one of the network interfaces installed - if there are none, it returns a random 48-bit number with the eighth bit set to none as per RFC 4122.

That's likely as good as you'll get. The UUID of the computer doesn't exist but often certain pieces of hardware have unique identifiers such as the CPU and any network cards. Of course, any of those bits of hardware could be swapped out. Since `uuid.getnode()` returns a random 48 bits on failure, and those 48 bits aren't secure, then you are much better off just using something like `Crypto.Random.random.getrandbits(N)`.

All that said, you can identify a Windows computer to a small group, even if it's not unique, by looking at the key. How you do this will depend on your language, but it is definitely possible. You could also look at all the drivers currently loaded and use that as a method, which Windows itself has used and means a hard drive taken and inserted in another system won't work. Of course it also utilises information in TPM etc.

As stated in my comment, if you want a repeatable seed for running experiments then set it manually. If you want a random string, use various options available that have a high degree of entropy such as mouse movement.

LTPCGO
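An added example, not part of the answer above: it classifies the 48-bit value `uuid.getnode()` returns (including the random fallback) and shows why a key made by hashing that value is only as strong as the identifier itself. The sample MAC, the "first four octets are known" scenario, and the helper names are constructed assumptions; the standard-library `secrets` module stands in for the `Crypto.Random` call the answer mentions.

```python
import hashlib
import secrets
import uuid

MULTICAST_BIT = 1 << 40    # low bit of the first octet of a 48-bit node
LOCAL_ADMIN_BIT = 1 << 41  # second-lowest bit of the first octet


def classify_node(node: int) -> str:
    """Say what kind of 48-bit value uuid.getnode() handed back."""
    if node & MULTICAST_BIT:
        return "random-fallback"       # no usable MAC found; value is random
    if node & LOCAL_ADMIN_BIT:
        return "locally-administered"  # software-assigned MAC (VM, randomized)
    return "burned-in"                 # vendor-assigned: 24-bit OUI + 24-bit serial


def key_from_node(node: int) -> bytes:
    """The approach from the question: hash the identifier to get a key."""
    return hashlib.sha256(node.to_bytes(6, "big")).digest()


def recover_node(key: bytes, known_prefix: int, unknown_bits: int):
    """Try every node sharing known_prefix; return the one whose hash is key."""
    for low in range(1 << unknown_bits):
        candidate = (known_prefix << unknown_bits) | low
        if key_from_node(candidate) == key:
            return candidate
    return None


def demo() -> dict:
    node = 0x001A2B3C4D5E  # constructed sample MAC 00:1a:2b:3c:4d:5e
    key = key_from_node(node)
    # Constructed assumption: four octets are known, so 16 bits remain.
    guessed = recover_node(key, node >> 16, 16)
    return {
        "sample_kind": classify_node(node),
        "hashed_id_recovered": guessed == node,  # the hash added no entropy
        "this_machine": classify_node(uuid.getnode()),
        "random_key_bits": len(secrets.token_bytes(32)) * 8,
    }


if __name__ == "__main__":
    print(demo())
```

The 256-bit digest looks like a strong key, but its search space is the identifier's; a key from `secrets.token_bytes(32)` has no such structure to enumerate.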