hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Thu Mar 10 04:42:25 CET 2011

On 10/03/11 2:10 PM, Robert J. Hansen wrote:
> I think it should also be noted that if I was serious about trying to
> overthrow a government, I'd create a bare certificate without a name or
> an email address on it.  I'd also use it as infrequently as possible and
> try to avoid any technology more complicated than, say, a wheel, lever,
> or inclined plane.

Heh.  Trying to topple any government is definitely on the hazardous
side of things.  In general they're either large enough to have
enormous resources to track you down or small and dodgy enough to just
send a hit team.  Or both.

> GnuPG will not keep your communications secure against major adversaries
> who are willing to torture you for so long you think you've made an
> unfortunate lateral career move.  It's just a tool in the toolbox.
> You're going to need the rest of the toolbox, too.

Which brings us back to creating a pseudonym, using Tor (or other
anonymising services), getting a disposable mail drop (or using
alt.anonymous.messages) and going from there.  At the bare minimum.


More information about the Gnupg-users mailing list