To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=51501





------- Additional comments from [EMAIL PROTECTED] Thu Jul  7 08:00:23 -0700 2005 -------
I think the first priority is to figure out what the scores of other
places in the code that use this dangerous sort of UUID do with them, and if any
are being disclosed by OO 1.1.

Here are a few thoughts on how to fix this.

Besides the disclosure of the hardware address, the presence of multiple
timestamps also can disclose undesirable information.

In this example, two UUIDs are generated one after the other each of which has
an independent time stamp with 100 ns resolution.  Observers can derive guesses
as to the speed of the processor by comparing the times, which could also
compromise anonymity in some cases.

The rtl_createUuid function is currently called with the "bUseEthernetAddress"
argument set to sal_True.  Setting it to false appears to substitute a 6-byte
random value for the ethernet address.

But given the timestamp issues, I'd recommend going with what others have done
and suggested, which is using a Version 4 UUID which has nothing but type info
and random bits.  It would only take a bit more code and shouldn't add much
time, since a pseudo-random-number generator is used, and secure random numbers
don't seem to be important for this case.


---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
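
As an added illustration (not code from the issue or from OpenOffice.org), this C example decodes the fields the comment above is concerned with, the version, the 100 ns timestamp and the node id of a UUID, and shows the two bit fields that are all a Version 4 UUID fixes. The names uuid_inspect, uuid_stamp_v4 and SAMPLE_V1 are hypothetical, the sample value is constructed, and node_random assumes the RFC 4122 convention that a random node id has its multicast bit set, which the page does not confirm for rtl_createUuid.

```c
#include <stdint.h>
#include <string.h>

/* What any reader of a UUID can recover from it (RFC 4122 layout). */
typedef struct {
    int version;      /* 1 = time-based, 4 = random */
    uint64_t ticks;   /* v1: 100 ns intervals since 1582-10-15 */
    uint8_t node[6];  /* v1: node id; a hardware address unless node_random */
    int node_random;  /* v1: multicast bit set, i.e. a random substitute */
} uuid_info;

/* Constructed sample: version 1, node from the RFC 7042 documentation range. */
const char *const SAMPLE_V1 = "2f1a4e00-5e3b-11d9-8a3c-00005e00532a";

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;  /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode the canonical 36-character form; 0 on success, -1 if malformed. */
int uuid_inspect(const char *s, uuid_info *out) {
    static const int order[8] = {6, 7, 4, 5, 0, 1, 2, 3};  /* time hi, mid, low */
    uint8_t b[16];
    if (strlen(s) != 36) return -1;
    for (int i = 0, n = 0; i < 36; ) {
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (s[i++] != '-') return -1;
            continue;
        }
        int hi = hexval(s[i]), lo = hexval(s[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        b[n++] = (uint8_t)(hi << 4 | lo);
        i += 2;
    }
    memset(out, 0, sizeof *out);
    out->version = b[6] >> 4;
    if (out->version != 1) return 0;  /* no time or node fields to read */
    for (int k = 0; k < 8; k++) out->ticks = out->ticks << 8 | b[order[k]];
    out->ticks &= 0x0fffffffffffffffULL;  /* drop the version nibble */
    memcpy(out->node, b + 10, 6);
    out->node_random = b[10] & 1;
    return 0;
}

/* Version 4: fix the 4 version bits and 2 variant bits; the other 122 bits
 * of the caller-supplied random bytes are left as they are. */
void uuid_stamp_v4(uint8_t b[16]) {
    b[6] = (uint8_t)((b[6] & 0x0f) | 0x40);
    b[8] = (uint8_t)((b[8] & 0x3f) | 0x80);
}
```

Subtracting the ticks of two Version 1 UUIDs from the same document gives the interval between their creation in 100 ns units; for a Version 4 UUID, uuid_inspect reports only the version.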

