Timing test of GnuPG and old PGP
cultjuergens at yahoo.de
Tue Nov 4 01:44:53 CET 2003
> as long as we are talking about Disastry's version,
> would it be possible to have a feature in gnupg that is like
> Disastry's 'fake_keyid'/'random key_id' option,
> where he hides the anonymity of the 'throw key id' option, by
> 'any' keyid (fake or 'random') so that traffic analysis cannot even
> detect that anonymous/throw key-id messages are being sent,
Such an option would not only be nonsense, but dangerous. Imagine your
"random" key id actually is an existing real key id! The affected user
would not be amused... Would you check every fake key id you create
that it is not an already existing real key id?
If you really want a fake id, why not create a unique key for just one
"Hiding anonymity" with a fake key id makes no sense. Imagine you use
some kind of anonymous remailer or proxy or whatever to transmit such a
message, then you gain nothing with a fake key id, because the IP
adresses of those services are often well known and so every
eavesdropper will see that there's anonymous communication.
--throw-keyid has the advantage that you can use a trusted,existing key
and if your recipient receives such a message he/she can be confident
that there was no man-in-the-middle attack.
More information about the Gnupg-users