Comment by chias
6 years ago
In fairness, the guidelines they reference suggest you do exactly what the comment says they're doing (assuming they're keying the hash). The guidelines seem explicitly written with the idea that unique identifiers _derived from_ this value are not similarly quarantined, provided that you cannot take the derived value and "reverse" it back to the original identifier.
Quoting from https://www.freedesktop.org/software/systemd/man/machine-id....:
This ID uniquely identifies the host. It should be considered "confidential", and must not be exposed in untrusted environments, in particular on the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly. Instead the machine ID should be hashed with a cryptographic, keyed hash function, using a fixed, application-specific key. That way the ID will be properly unique, and derived in a constant way from the machine ID but there will be no way to retrieve the original machine ID from the application-specific one.
> Instead the machine ID should be hashed with a cryptographic, keyed hash function, using a fixed, application-specific key.
Reading https://cs.chromium.org/chromium/src/chrome/browser/policy/b..., I do not not see it being hashed with a key, just unkeyed sha1.
I think it doesn't make much sense to protect it because in popular Linux distributions an unprivileged user can access such identifiers as MAC addresses of network interfaces, HDD serial numbers etc.
> If a stable unique identifier that is tied to the machine is needed for some application,
Ideally there should be no stable identifiers accessible to untrusted applications.
Now go and read http://jdebp.uk./Softwares/nosh/guide/commands/machine-id.xm... and RFCs 3041 and 4941.
What else is going to break if one randomises that ID (per boot or per hour, say)?
What about running Chrome inside a container?
What about not running Chrome?