hashed user IDs [was: Re: Security of the gpg private keyring?]

Robert J. Hansen rjh at sixdemonbag.org
Sat Mar 12 21:24:34 CET 2011


On 3/12/2011 3:10 PM, MFPA wrote:
> After generating the list of possible email addresses, why would a
> spammer generate the hashes and search for keys instead of simply
> blasting out messages to the whole lot?

Beats me.  You're the one who's assuming someone wants to harvest email
addresses.  Imagining a spammer behind it is just part of a thought
exercise.  Focus on the real issue -- that this scheme you're proposing
is not secure against an even mildly motivated attacker -- not who the
prospective attacker is.



More information about the Gnupg-users mailing list