hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Wed Mar 2 04:21:25 CET 2011

Hash: SHA512


On Wednesday 2 March 2011 at 1:43:45 AM, in
<mid:4D6DA0D1.20900 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:

> On 03/01/2011 08:05 PM, MFPA wrote:
>> My analogy, admittedly not a direct comparison, would be having a
>> phone number that is ex-directory. It is no defence against random
>> dialling, nor against your number being recorded from outgoing calls
>> if you don't take steps such as withholding the CLI, nor against
>> somebody who has your number passing it on without your permission.
>> Despite these failings there is still benefit in being ex-directory.

> What are those benefits?

The benefits of your phone number being ex-directory are the benefits
that derive from it being harder for people to obtain your phone
number without your permission, harder to link the number to your
name/address, and impossible to find your address or phone number by
looking in the phone book.

A key that had only hashed UIDs would have analogous benefits relating
to email address instead of phone number and to keyserver instead of
phone book.

A key with some hashed and some human-readable UIDs would perhaps be
like having two phone numbers, one listed and the other ex-directory.

> Are they worth the tradeoff
> of having a large number of non-human-readable User
> IDs?

Depends who evaluates the worth, how they evaluate it, and if you
accept that is really the trade-off.

I use different email addresses with different contacts and change
some email addresses regularly. Hashed UIDs would allow hiding my
email addresses from the people they are not used with, as well as
preventing a human-readable set of defunct email addresses. If I
included my email addresses in hashed UIDs, they are not
human-readable but could still be used to find/identify my key and
maybe even facilitate opportunistic encryption. At the moment I cannot
usefully include them hashed, so I don't include them at all. For my
own key, to me the trade-off is if hashed but still useful I will
include, if human-readable I will not. For somebody else encountering
my key, the trade-off is the email address they want to match is
either in a hashed user ID or it's in no user ID at all.

What is the disadvantage of a large number of non-human-readable User
IDs on a key? The User ID that I am using at the time (eg to select a
key) is useful, all others are irrelevant noise and may as well not be

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Lotto: A tax on people who are bad at statistics!


More information about the Gnupg-users mailing list