hashed user IDs [was: Re: Security of the gpg private keyring?]

Robert J. Hansen rjh at sixdemonbag.org
Thu Mar 10 06:17:25 CET 2011


On 3/9/2011 10:42 PM, Ben McGinnes wrote:
> Which brings us back to creating a pseudonym, using Tor (or other
> anonymising services), getting a disposable mail drop (or using
> alt.anonymous.messages) and going from there.  At the bare minimum.

Which brings us back to the elephant in the middle of the room: as far
as I can see there's no consensus on a use case for this feature.

Some people have a knee-jerk reaction to their email addresses being in
any searchable database and want their emails obfuscated.  Against this
threat, the proposed feature doesn't work: email addresses don't offer
enough entropy and the mechanism could be brute-forced.

Some people think they're going to take over the People's Republic of
Berkeley in a military coup and need to be able to deny their
connections to each other.  Against this threat, the proposed feature
doesn't work very well: while you could conceivably come up with an
email address with high enough entropy, it's easier to just use
anonymous services and dead-drop emails.

Has a use case been articulated for this feature, along with how this
feature would substantially advance the use case?  Because if not, one
really needs to be.



More information about the Gnupg-users mailing list