Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jan 26 00:19:56 CET 2012
i'm confused by your proposal. some clarifying questions follow:
On 01/25/2012 04:31 PM, vedaal at nym.hush.com wrote:
>  The person who wants to create a new key, first generates a
> symmetrically encrypted gnupg message, and decrypts it and gets the
> session key.
This seems like it might just be an elaborate way to ask for a random
number, but i'm not sure what the intent is. Is it just trying to get a
decent-sized chunk of randomness? or is there another purpose? if it's
just about randomness, rephrasing more simply might make this clearer.
>  Hash the [(preferred key name)+(seesion key)+(e-mail address)]
What is the "preferred key name" ? are you expecting users to name
>  Generate the key with the uid of
> [(preferred key name)+(session key)+(e-mail address)]
What happened to the hash here? are you suggesting that the User ID is
the digested form or the non-digested form?
>  Identify the key to the server by the hash.
OpenPGP certificates are handed to the keyserver as is; the keyserver
chooses how to index them. What do you mean by "identify the key to the
server by the hash" ?
> These steps would defeat harvesting tools enumerating the low
> entropy names and hash ranges.
I'm still not sure i follow. Can you explain more? How would these
keys be identified by a user searching for them? How would third
parties verify the user ID before signing?
> Personally, I agree with David Shaw, that the problem can be
> avoided by just generating a random UID (maybe a truncated session
> key) and giving the fingerprint and UID to anyone who wants to look
> it up on the keyserver, as well as the e-mail address separately to
> whomever the user wants to correspond with.)
how does your proposal above compare to David Shaw's (seemingly simpler)
proposal, or to the proposal i outlined elsewhere in this thread?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users