On May 18, 2007, at 1:54 PM, Holger Levsen wrote:

>> Backups are retrieved from the server by virtue of a laptop's UUID -- not a
>> cryptographic key -- so the *only* instance where you have to ask a teacher
>> to obtain a backup is when your laptop was destroyed.
>
> Otherwise I can get it back by just asking the server and telling the server
> the machine's UUID?

Yes. When a machine is first booted after a software install, it will contact any nearby school server for its unlocking key. This key will be provided immediately for a school's designated laptops. This process is independent of any backup restore mechanism.

The second step, taken after a child has typed in their nickname and selected a color, is to contact any nearby school server to register the nickname and look for updates. Here again, the basic identifier is the UUID.

> Is(nt) the UUID the laptop's hostname and thus public? So anybody can request
> anybody's backup?

No. The UUID of a laptop is relatively hidden. It is a large number, assigned in a non-contiguous fashion at manufacture, along with the serial number. Both are never modified by OLPC software, and stored in a manner which hopefully prevents them from being easily changed in any other manner (if you can subvert them, you can subvert the entire anti-theft system.) The UUID is not printed anywhere on the laptop and never displayed. It is not used as a host name, and is never sent over the network in the clear.

Does using the UUID in conjunction with the serial number strengthen or weaken the security?

My assumption so far has been a use of the Unix user model for files backed up on the server. But we probably don't want the UUIDs listed in the world readable /etc/passwd file. The nickname is non-unique, making it a poor choice of username. Can we use the laptop serial number?

Comments?

wad

_______________________________________________
Devel mailing list
[email protected]
http://mailman.laptop.org/mailman/listinfo/devel
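One way to realize the account model raised in this message, as an added sketch that is not OLPC code and not from the thread: the serial number becomes the public account name and the UUID is kept only as a salted hash outside any world-readable listing. The class name, the "xo-" prefix, the serial pattern and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Hypothetical serial format for this sketch; real serial numbers may differ.
SERIAL_RE = re.compile(r"^[A-Z0-9]{11}$")


class BackupRegistry:
    """Maps public, serial-derived account names to hashed UUID verifiers."""

    def __init__(self):
        # On a real server this table would sit in a root-only file
        # (shadow-style), never in the world-readable /etc/passwd.
        self._verifiers = {}

    @staticmethod
    def account_name(serial):
        if not SERIAL_RE.match(serial):
            raise ValueError("malformed serial number")
        return "xo-" + serial.lower()

    @staticmethod
    def _derive(uuid, salt):
        return hashlib.pbkdf2_hmac("sha256", uuid.encode(), salt, 100_000)

    def register(self, serial, uuid):
        name = self.account_name(serial)
        if name in self._verifiers:
            raise KeyError("serial already registered")
        salt = os.urandom(16)
        self._verifiers[name] = (salt, self._derive(uuid, salt))
        return name

    def authorize_restore(self, serial, uuid):
        """True only if the presented UUID matches the one registered."""
        try:
            entry = self._verifiers.get(self.account_name(serial))
        except ValueError:
            return False
        if entry is None:
            return False
        salt, expected = entry
        # Constant-time comparison of the derived verifiers.
        return hmac.compare_digest(self._derive(uuid, salt), expected)

    def public_listing(self):
        # What a passwd-style listing would expose: account names only.
        return sorted(self._verifiers)
```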
