Many operating systems use the EUI-64 algorithm to generate IPv6 addresses. This algorithm derives the last 64 bits of the IPv6 address using the MAC address. Many see this as a privacy problem. The last half of your IP address will never change, and with MAC addresses being somewhat unique, the interface ID becomes close to a unique cookie identifying your system.
As a result, RFC3041 introduces privacy enhanced addresses which will change and are created by hashing the MAC address. Of course, each operating system has its own way to enable privacy enhanced addresses.
You can use netsh to enable and configure privacy enhanced addresses. Use
netsh interface ipv6 show privacy
to query the status, and
netsh interface ipv6 set privacy state=enabled
to enable it. In my testing, privacy enhanced addresses were enabled and I wasn't actually able to disable them (a possible bug?).
OS X uses the sysctl command to change various kernel parameters, including privacy enhanced addresses. By default, EUI-64 is used.
To enable, run ifconfig en0 up). However, to have this setting survive a reboot, create a file called /etc/sysctl.conf and add the line:
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.