Reply to post:

TfL to track Tube users in stations by their MAC addresses


Hashing it wouldn't do much in itself. It's easy to just bruteforce all possibilities - it's only 48 bits long, and the first part of it is the vendor ID which has a limited amount of likely candidates to try.

One option would be a keyed hash, but then you better keep the key in a HSM with rate limiting of the hashing operations.

Another option would be to deliberately make the hash so small there will be a lot of collisions if you search the entire space, but this might affect accuracy of the data collection to some extent if it's too small. You could probably tune the length if you have a good idea of the number of unique devices encountered beforehand.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020