hashed user IDs [was: Re: Security of the gpg private keyring?]
expires2011 at ymail.com
Sat Mar 12 20:37:33 CET 2011
On Thursday 10 March 2011 at 2:58:32 AM, in
<mid:4D783E58.5090205 at adversary.org>, Ben McGinnes wrote:
> I have. Many, many times. There's no point doing it
> for a free email service provider's domain (e.g.
> gmail.com), but sometimes there are advantages in
> checking for keys belonging to people at particular
> organisations (e.g. government departments). This is
> one of the reasons why I'd prefer MFPA's suggestion,
> were it ever implemented, to be optional rather than
> the default.
Whatever you do with user IDs is optional, since they are just a
free-text field. And of course a user wanting to make their key match
more searches could include extra UIDs with additional hashes. For
example John Smith <john.smith573 at example.com> could include hashes of
example.com and of john.smith. In any event, including the information
in hashed form should make the key more likely to be found than if the
info were not there at all.
> If that feature weren't available, I doubt I would've
> found this:
> pub 1024D/B3F77236 2000-09-21
> uid Stephen Smith <stephen.smith.mp at aph.gov.au>
> sub 2048g/0E0EEE5F 2000-09-21
> Stephen Smith was in Opposition when he made that key,
> but now he's Minister of Defence.
If there was a point there other than curiosity value, it went way
over my head. (-:
MFPA mailto:expires2011 at ymail.com
COMMITTEE: A body that keeps minutes and wastes hours.
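
Added example, not part of the original message or of GnuPG: a sketch of how searching over hashed user IDs would behave, showing why a key needs the extra hashed UIDs (domain, partial name) to match more than the full address. SHA-256, the lower-casing normalisation, the function names and the key labels are all assumptions; the thread does not specify any of them.

```python
import hashlib


def uid_hash(term: str) -> str:
    """Hash one search term.

    Assumption: SHA-256 over the stripped, lower-cased term, hex encoded.
    The thread does not fix an algorithm or a normalisation rule.
    """
    return hashlib.sha256(term.strip().lower().encode("utf-8")).hexdigest()


def hashed_uids(terms):
    """Return the set of hashed user IDs a key owner chooses to publish."""
    return {uid_hash(t) for t in terms}


def search(index, query):
    """Return the labels of keys whose hashed UIDs contain hash(query).

    Only an exact term match can succeed: the searcher hashes the query
    and compares digests, so substring or wildcard search is impossible
    unless the owner published a hash of that exact term.
    """
    wanted = uid_hash(query)
    return sorted(label for label, uids in index.items() if wanted in uids)


# Constructed sample index. KEY-A and KEY-B are placeholder labels, not key IDs.
INDEX = {
    # Owner published only the hash of the full address.
    "KEY-A": hashed_uids(["john.smith573@example.com"]),
    # Owner also published hashes of the domain and of "john.smith",
    # as in the John Smith example in the message.
    "KEY-B": hashed_uids(
        ["john.smith573@example.com", "example.com", "john.smith"]
    ),
}

if __name__ == "__main__":
    for q in ("john.smith573@example.com", "example.com", "john.smith", "smith"):
        print(f"{q!r:32} -> {search(INDEX, q)}")
```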