hashed user IDs [was: Re: Security of the gpg private keyring?]
Robert J. Hansen
rjh at sixdemonbag.org
Sat Mar 12 21:24:34 CET 2011
On 3/12/2011 3:10 PM, MFPA wrote:
> After generating the list of possible email addresses, why would a
> spammer generate the hashes and search for keys instead of simply
> blasting out messages to the whole lot?
Beats me. You're the one who's assuming someone wants to harvest email
addresses. Imagining a spammer behind it is just part of a thought
exercise. Focus on the real issue -- that this scheme you're proposing
is not secure against an even mildly motivated attacker -- not who the
prospective attacker is.
More information about the Gnupg-users