> On May 8, 2015, at 10:20 AM, intrigeri <intrigeri@???> wrote:
>
> Source Valley wrote (08 May 2015 16:55:50 GMT) :
>> There are countless example I can think of where one might need a truly random mac
>> changer, here is just one example: If I'm sitting in a coffee shop and I'm the only
>> one with a Unique first 3 octet wifi card, then it wouldn't be too difficult to
>> reveal who I am.
>
> I don't understand. May you please clarify?
I assume this is the usual issue that someone observing the network can look up an OUI, here for example:
https://www.wireshark.org/tools/oui-lookup.html
and if it turns out to be distinctive— for example, used only in certain Dell-branded laptops— it could potentially identify the user if he or she is the only user with such a machine in the coffee shop at that moment.
Instead of completely randomizing the OUI, it may be better to select one randomly from a list of commonly-used OUIs.
But since wireless activity is usually correlated with keyboard use, it may not take long for an observer to correlate a given MAC address with a particular user unless some amount of random masking activity is generated. (Does Tails do this? Should it?)
If the observer notices that the actual MAC address is inconsistent with the user’s hardware, it may raise suspicions. Changing only the device-specific portion of the MAC address avoids this issue.
. png
