@Mark McClain So far we have not considered UUID guessing a valid attack vector as UUID is a sufficiently long and random number. Trusting UUID is an acceptable tradeoff as long as they are random.
From a vulnerability point of view, I don't think we are willing to support system with low entropy/randomness.
So the question is, what makes the described system vulnerable to UUID guessing...
Is it OpenStack code that does not work as intended and lower system randomness ?
Is it a third party system/drivers that does not provide enough entropy ?
Or is it a bad configuration/faulty hardware ?
@Mark McClain So far we have not considered UUID guessing a valid attack vector as UUID is a sufficiently long and random number. Trusting UUID is an acceptable tradeoff as long as they are random.
From a vulnerability point of view, I don't think we are willing to support system with low entropy/randomness.
So the question is, what makes the described system vulnerable to UUID guessing... faulty hardware ?
Is it OpenStack code that does not work as intended and lower system randomness ?
Is it a third party system/drivers that does not provide enough entropy ?
Or is it a bad configuration/