On Di, 08.01.19 10:11, Richard Hughes (hughsient(a)gmail.com) wrote:
On Tue, 8 Jan 2019 at 08:57, Lennart Poettering
> Yes, Tom's proposal makes sense. Calculate the UUID you submit as
> HMAC(machined_id, CONCAT(fixedappuuid, unixtime/432000))
Out of interest, how is using a HMAC different to just using the
machine-id appended with a salt, sha256'd?
I am not sure how you'd define "salt" in this case. Randomly generated
and stored somewhere? i mean, storing something somewhere is what
should really be avoided I think.
Also, you want to use standard primitives, and a HMAC is one that is
designed for purposes like this. For the reasons why a HMAC is
constructed the way it is, read the wikipedia page.
Lennart Poettering, Red Hat