hashed user IDs [was: Re: Security of the gpg private keyring?]
mailinglisten at hauke-laging.de
Thu Mar 10 11:23:56 CET 2011
Am Donnerstag 10 März 2011 06:17:25 schrieb Robert J. Hansen:
> while you could conceivably come up with an
> email address with high enough entropy, it's easier to just use
> anonymous services and dead-drop emails.
Of course, you can create a key with UIDs without name and email only but such
keys are not very comfortable to have in your keyring ("What's that?"). Of
course, you can add a UID annotation feature without having the hashing
But not having the hashing feature makes it more difficult to get the key (and
key updates). Keyserver access is pretty anonymous. If you put keys on a
website (the address of which the one can have given you who gave you the non-
public email address) then that is another way to try to reveal the identity
of the communication partner.
I appreciate your effort to consider the problem as a whole. It would be a
pity to create something that turns out to be useless in the end. But that is
not a problem here any longer: Those people who just want to protect their
social connections by signing other keys without revealing their identity to
those who don't know it already have no need to cover their target addresses
because the marketing people and "just curious" normal ones are not capable of
reading their email traffic. So there already is a use case. Your objections
for the high security cases are very good to raise awareness but point outside
the gnupg sphere.
You made a brute force calculation. Why should keyservers allow brute force
searches for hash IDs? If you use millions of remotely controlled idiot PCs
simultaneously for that then it may be hard to track them but then we are
close to a DoS, aren't we?
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users