hashed user IDs [was: Re: Security of the gpg private keyring?]

Hauke Laging mailinglisten at hauke-laging.de
Thu Mar 10 01:03:14 CET 2011


Am Mittwoch 09 März 2011 14:39:35 schrieb Robert J. Hansen:

> 2.  To really gain benefit from this scheme, you must:
> 
>         (a) have a non-trivially-brute-forceable email address
>         (b) want to be able to hide your email address

> 3.  Deploying this scheme means:
> 
>         (a) people can no longer do fuzzy searches for email
>             addresses ("show me all user IDs that look like this
>             pattern")
>         (b) finding people's certificates may be made more
>             difficult due to (a)
> 
> 4.  My suspicion is the number of users covered by (2) is pretty small.

As we all know you love anecdotal evidence, here's mine: You are probably 
right but consider two points:

1) Today there is no use in obeying the (2) rules. If such a feature is 
implemented then those who are interested in using it will consider creating 
new email addresses according to (2). Nonetheless the number of interested 
users may be small (but increasing with increasing public attention to privacy 
problems besides reading mail contents).

2) gpg offers a lot of features which I guess are used (and even known) by a 
small share of its users. Nonetheless they got implemented. Obviously the main 
argument is not the number of users but the quality of the software. There is 
a whole section "Doing things one usually doesn't want to do." in the man 
page. I guess it contains more than 80 options.


>  My suspicion is the number of users impacted by (3) is pretty large.

I have never done that. I cannot iamagine why this should be important to 
anyone. You know which email address you are going to write to, don't you? 
OpenPGP should not prevent new features because somebody abuses the 
infrastructure as a kind of address book.

More important: Not everyone is going to do this. Those people who regard it 
important to protect their addresses and names really don't care about 
convenience (if the alternative is omitting the feature).

It might make sense to print a warning if a user activates this hashing 
feature for a UID with an email address which is obviously not brute force 
safe.

And in contrast to Werner I do believe that signatures are going to kill the 
spam problem one day. :-)


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110310/b857c810/attachment-0001.pgp>


More information about the Gnupg-users mailing list