Timing test of GnuPG and old PGP

Karoshi cultjuergens at yahoo.de
Tue Nov 4 01:44:53 CET 2003


> btw,
>
> as long as we are talking about Disastry's version,
> would it be possible to have a feature in gnupg that is like
> Disastry's 'fake_keyid'/'random key_id' option,
> where he hides the anonymity of the 'throw key id' option, by
> allowing 'any' keyid (fake or 'random') so that traffic analysis
> cannot even detect that anonymous/throw key-id messages are being sent,

Such an option would not only be nonsense, but dangerous. Imagine your 
"random" key id actually is an existing real key id! The affected user 
would not be amused... Would you check every fake key id you create 
that it is not an already existing real key id?

If you really want a fake id, why not create a unique key for just one 
singular message/purpose?

"Hiding anonymity" with a fake key id makes no sense. Imagine you use 
some kind of anonymous remailer or proxy or whatever to transmit such a 
message, then you gain nothing with a fake key id, because the IP 
addresses of those services are often well known and so every 
eavesdropper will see that there's anonymous communication.

--throw-keyid has the advantage that you can use a trusted, existing key 
and if your recipient receives such a message he/she can be confident 
that there was no man-in-the-middle attack.




