Feature request: use random MAC addresses when scanning

Björn Smedman bs at anyfi.net
Thu Jun 12 21:20:45 EDT 2014


On Thu, Jun 12, 2014 at 9:14 PM, Dan Williams <dcbw at redhat.com> wrote:
> On Thu, 2014-06-12 at 12:25 -0500, Dan Williams wrote:
>> On Wed, 2014-06-11 at 01:00 +0200, Björn Smedman wrote:
>> > Please don't use random MAC addresses without thinking it through
>> > carefully. Depending on how you do it a whole lot of good things can
>> > break:
>> >
>> > 1. Software-Defined Networking (SDN), arguably the most promising
>> > trend in networking research today relies heavily on MAC addresses as
>> > unique identifiers. A growing body of work applying SDN principles to
>> > Wi-Fi (e.g. CloudMAC [1], Odin [2] and our very own Anyfi.net [3])
>> > uses the MAC address in probe requests to do *good*, like providing
>> > seamless and secure access to your favorite Wi-Fi networks on the go
>> > [4].
>>
>> (Preface: I'm curious how Apple does the randomization for Probe
>> Response frames; is that for hotspot/IBSS?  Anyway...)
>>
>> I'm not sure how any of this would be affected by random MAC addresses
>> when *scanning* though, could you explain?  I'm also assuming that when
>> communicating with the AP to which you are actually associated, or which
>> you would like to associate at some point in the future (ie, including
>> preauthentication), the device would use its normal MAC address.  Thus
>> when the AP/network is actually servicing the client and dedicating
>> resources to it, the MAC address would be correct and known.
>
> So it's been explained to me, and I actually went and read the stuff all
> the way through now.

Thanks for taking the time! :)

> Yes, randomized MACs when scanning will likely break the AnyFi products.
> But at least at this point, won't they all be broken for iOS 8 users too?

Probably not, because in the most important use-case, "end-user
disables keylock", it's much more reasonable to prioritize
connectivity. Otherwise hidden networks and who knows what else will
also fall to the ground. We have good reason to think they won't do
that.

In standby on the other hand it makes sense to prioritize privacy. I
don't see much problem with that (even if it does in some theoretical
sense "break" our stuff).

Björn


More information about the HostAP mailing list