Comment 1 for bug 1380669

Tristan Cacqueray (tristan-cacqueray) wrote :

@Mark McClain So far we have not considered UUID guessing a valid attack vector, as a UUID is a sufficiently long and random number. Trusting UUIDs is an acceptable tradeoff as long as they are random.

From a vulnerability point of view, I don't think we are willing to support systems with low entropy/randomness.

So the question is, what makes the described system vulnerable to UUID guessing...
  Is it OpenStack code that does not work as intended and lowers system randomness?
  Is it a third-party system/driver that does not provide enough entropy?
  Or is it a bad configuration/faulty hardware?