hashed user IDs [was: Re: Security of the gpg private keyring?]
Robert J. Hansen
rjh at sixdemonbag.org
Wed Mar 9 14:24:12 CET 2011
On 3/9/2011 8:11 AM, Ben McGinnes wrote:
> Personally, I think it's an interesting idea and I can see the value
> in it, but I'm not sure there are enough people really pushing for it
> (yet). With things like the data retention legislation being pushed
> in Europe, Australia and other countries, that may change.
It seems like this is really close to asking for private stream
searching, which would be the next logical step -- some way for the
client to query the database for a record in such a way there is no way
for the database to know what was queried. This may sound alluring, but
it's an ephemera. The current best-known PSS algorithm requires about
one zebibyte of traffic to do a ten-character ASCII search.
These sorts of blinded searches are really tempting, but there are
enormous theoretical hurdles to be cleared. I would respectfully
suggest that if any discussion moves to PSS-type functionality, that
discussion be headed off at the pass. :)
("Private searching on streaming data" by R. Ostrovsky: PDF available at
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.78.631&rep=rep1&type=pdf
).
More information about the Gnupg-users
mailing list