hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Sun Mar 13 13:37:23 CET 2011

On Saturday 12 March 2011 at 11:06:14 PM, in
<mid:4D7BFC66.3040301 at sixdemonbag.org>, Robert J. Hansen wrote:

> If nobody's looking for people's email addresses, then
> there's no need to not publish email addresses.

That assumes that there is no need to obscure a piece of information
unless it is known that somebody is actively looking for the
information. In my world you obscure certain information simply
because it is nobody else's business. Just like you move stuff to the
drawer or filing cupboard because there is an off chance that somebody
walking through the office might read it if left on the desk, not
because you think they are specifically looking for it.

> And if
> there's a need to not publish email addresses, that's
> because somebody's looking for them.

That suggests that all information should be published unless it can
be demonstrated there is a compelling reason to not publish. Whilst
this is true for some categories of information, it is not universally
true for all information. Much information relating to corporations or
individuals would not be published unless there were a compelling
reason to publish.

My email addresses are personal contact information relating to me as
an individual. I know of no reason to publish any of my email
addresses to anybody other than those with whom I use that email
address to communicate; they are quite simply nobody else's business.
In the absence of a reason to publish, there is no requirement for a
reason to not publish.

> It is not good enough right now to prevent an even
> moderately skilled attacker from recovering email
> addresses.

Just like a moderately skilled attacker could look in the desk drawer
or filing cabinet, or could open the envelope that obscures a bank
statement or telephone bill. Those schemes are good enough for the
minimal level of protection they seek to provide.

> This scheme offers the illusion of security instead of
> actual security:

It offers no such thing. In order to be an illusion it would need to
be fooling somebody. The scheme was never claimed to offer security
against any form of attack more severe than casual snooping, and never
could because anybody could add signatures to the key that stated the
unhashed version of any of the hashed strings.

The scenario of a spammer brute-forcing and then spamming was
interesting, if a little esoteric. Usually, spamming subsides after a
few weeks and (aside from a certain amount of irritation and wasted
time) is of little consequence. If the spammer published a list
enumerating the email accounts that went with the particular key ID
then it might be a significant attack against this scheme. Even then,
it would have little relevance unless the list (or maybe a link to it)
were in a signature appended to the key.

> and I feel selling people an illusion
> is a deeply corrupt act.

Insurance companies, amongst others, earn billions by doing just that.
But this scheme is no illusion; I am aware of no pretence that it
offers anything it does not.

> I mean, really, is that what you want to sell?  Or
> should this be taken as a, "the idea of blinded UIDs is
> a good one, but this idea is inadequate and should be
> taken back to the drawing board"?

It depends on the reason for wishing to use blinded UIDs. You have
demonstrated limitations to this idea; I still believe it to be
adequate for my purposes. More thought is needed, followed by further
discussion at some point.

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Wise men learn many things from their enemies.


More information about the Gnupg-users mailing list