Security of the gpg private keyring?

Grant Olson kgo at grant-olson.net
Tue Mar 1 01:44:22 CET 2011


On 2/28/11 7:09 PM, Daniel Kahn Gillmor wrote:
> On 02/28/2011 06:38 PM, David Shaw wrote:
>> I think the problem here is the large size of the deployed infrastructure that expects user IDs to have email addresses in them combined with the relatively few people who are asking for this feature.  To make this change, you'd have to have a keyserver that could search in that manner, plus client support to make the hashes when talking to the keyserver, etc.  You'd have to handle the very-small-but-non-zero chance of a hash collision in the user ID, too.
> 
> the folks in the monkeysphere project have put some thought and work
> into trying to specify how this sort of thing should be approached.
> 
> however, i'm not convinced that hashed user IDs saves much against even
> a moderately dedicated attacker, for the same reason that dan bernstein
> rightly points out the failure of NSEC3 to avoid zone enumeration:
> 
>  http://dnscurve.org/nsec3walker.html
> 
> 	--dkg
> 

I was actually just thinking about monkeysphere with regard to this
topic.  You guys basically came up with a loose, pretty-obvious standard
for key names and wrote the tools from there.  Ultimately, the
keyservers don't care or need to know what a UID is at all.

I think something similar could be done with hashed emails.  Just some
(non)standard like:

hashed_uid://$SHA1_OF_EMAIL/$RIPEMD_OF_EMAIL

But using something better than my obviously naive hash-collision
prevention algorithm.

If that could be agreed on, you could probably get a few mailing list
regulars to add that ID in addition to their normal UIDs.  From there
start with a shell script that writes out a correct 'gpg --search-keys'
request.  Then on to more advanced things, like adding hashed_uid search
to the default sks-keyserver pages, enigmail integration, etc.

Really the only problem is that MFPA is stuck doing all the work until
(if ever) the (non)standard starts to take off.  And it's a lot of work.

-- 
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
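
As an added example, not part of the original message or of any existing GnuPG or Monkeysphere tool: a shell script that builds the proposed hashed_uid string and writes out the matching 'gpg --search-keys' request, and that also shows the enumeration caveat raised in the quoted reply. The function names, the trim-and-lowercase normalisation and the example.org addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# trim+lowercase normalisation are assumptions; addresses are constructed.

norm_email() { printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-Z' 'a-z'; }

sha1_hex() { printf '%s' "$1" | sha1sum | cut -d' ' -f1; }

# RIPEMD-160 via gpg, else openssl (OpenSSL 3 may need the legacy provider).
rmd160_hex() {
  h=$(printf '%s' "$1" | gpg --print-md RIPEMD160 2>/dev/null |
      tr -d ' \n' | tr 'A-F' 'a-f')
  [ "${#h}" -eq 40 ] || h=$(printf '%s' "$1" |
      openssl dgst -ripemd160 2>/dev/null | sed 's/^.*= //')
  [ "${#h}" -eq 40 ] || h=$(printf '%s' "$1" |
      openssl dgst -provider legacy -provider default -ripemd160 2>/dev/null |
      sed 's/^.*= //')
  [ "${#h}" -eq 40 ] && printf '%s\n' "$h"
}

# hashed_uid://$SHA1_OF_EMAIL/$RIPEMD_OF_EMAIL, as proposed in the message.
hashed_uid() {
  e=$(norm_email "$1")
  r=$(rmd160_hex "$e") || return 1
  printf 'hashed_uid://%s/%s\n' "$(sha1_hex "$e")" "$r"
}

# Write out (do not run) the keyserver search request for an address.
search_cmd() {
  u=$(hashed_uid "$1") || return 1
  printf "gpg --search-keys '%s'\n" "$u"
}

# The caveat from the quoted reply: unsalted hashes of guessable addresses
# can be matched against a candidate list. Prints the match, if any.
find_address() {
  target=$1; shift
  for cand in "$@"; do
    if [ "$(hashed_uid "$cand")" = "$target" ]; then
      norm_email "$cand"; echo; return 0
    fi
  done
  return 1
}

search_cmd 'alice@example.org' || echo 'no RIPEMD-160 tool found' >&2
```

Because both hashes are unsalted and computed over a low-entropy input, find_address recovers the address as soon as it appears in the candidate list, which is the NSEC3 comparison made in the quoted reply.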


More information about the Gnupg-users mailing list