hashed user IDs [was: Re: Security of the gpg private keyring?]

chr0n0 rookcifer at gmail.com
Thu Mar 10 12:09:04 CET 2011


If one really wanted to overthrow the "People's Republic of Berkeley," using
obfuscated e-mail addresses with the proposed methods outlined in this
thread would be akin to inventing a solution for a problem that doesn't
exist.  There are already numerous methods for off-the-record encrypted
communications.  Indeed, OTR was to devised as a protocol that allows
encrypted and authenticated communications without having to be a slave to
an interminable digital signature that might come back to haunt you.

As for remaining anonymous, one can merely connect to the IM server via Tor
or some other similar method.  Or one could even run their own P2P IM
software like XMPP thus cutting out the middle man.  Another option is a
hidden .onion IRC service or a SILC chat conference.  If one is really bent
on using e-mail, one can merely create a throw-away address using Tor and
then create a throw-away GPG key.  There are numerous ways to do this
already.

OpenPGP's goal is not anonymity or deniability.  If you want that, there's
better protocols and methods as Robert Hansen has hinted at already.
-- 
View this message in context: http://old.nabble.com/Security-of-the-gpg-private-keyring--tp31031263p31114600.html
Sent from the GnuPG - User mailing list archive at Nabble.com.




More information about the Gnupg-users mailing list