[Whonix-devel] Avoiding real MAC address in Tails macchanger being harmful?

Patrick Schleizer patrick-mailinglists at whonix.org
Thu Nov 26 20:52:20 CET 2015


Tails does verify, that randomly chosen MAC does not equal the real MAC
by chance.

>From tails-spoof-mac [1] (code: [A])

> # There is a 1/2^24 chance macchanger will randomly pick the real MAC
> # address. We try to making it really unlikely repeating it up to
> # three times. Theoretically speaking this leaks information about the
> # real MAC address at each occasion but actually leaking the real MAC
> # address will be more serious in practice.

quu9ohch [2] [3]:
> P.S. Avoiding the "real" mac address is a bogus approach as well. If
all users were to avoid their real mac addresses all the time then, with
enough data, a local passive adversary could identify each user by
estimating which mac address they never pick. [3]

marmarek:
> If you _randomly_ hit your own MAC address, I think this isn't a
problem at all. Actually changing that behavior may introduce some bias
in that randomness. But if you're talking about some error which results
in not changing the MAC (even if randomly chosen one was different than
original), that's the problem.

Cheers,
Patrick

[1]
https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
[2] https://github.com/quu9ohch
[3]
https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-155684781
[4]
https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-151239727
[A]
for i in 1 2 3; do
    if ! spoof_mac "${NIC}"; then
        # If our MAC spoofing primitive fails, we fail safe by forcing
        # us to enter into panic mode.
        unset NEW_MAC
        break
    fi
    NEW_MAC="$(get_current_mac_of_nic "${NIC}")"
    if [ "${OLD_MAC}" != "${NEW_MAC}" ]; then
        break
    fi
done


More information about the Whonix-devel mailing list