hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Sun Mar 13 14:32:02 CET 2011

Hash: SHA512


On Sunday 13 March 2011 at 5:48:55 AM, in
<mid:4D7C5AC7.70903 at adversary.org>, Ben McGinnes wrote:

> I think you're assuming a level of innate understanding
> of what can be done with every part of a UID by every
> user when they create a key. This is most definitely
> not the case.

I'm assuming a short descriptive paragraph in the gpg.man file plus
some good info becoming available over time in various "start up
guides" etc. by searching the web or mailing list archives or asking
on mailing lists, as with other GnuPG features. It doesn't matter if
people learn after the key is created because additional UIDs
containing extra hashes can be added later.

> As much as I find your idea interesting, I think I'd
> rather have the ability to search on sections of a UID.

Fair enough but I believe a person's desire to withhold their own
personal information outranks another person's desire to make use of
that personal information.

> If your hashed UID were an optional feature that were
> not enabled by default, I doubt I would object,

I would like hashing to be offered for the name and then again for the
email address, along with a one-liner that obscuring the information
in the UIDS offered minimal protection as described in gpg.man and
made it harder for other users to locate and use the key; if there's a
default answer it should be "No". Maybe others would feel it should be
only in expert mode, or perhaps enabled by a "hash-uid" option to the
"gen-key" command.

> but I
> think the current use of UIDs has value that I would
> not want to see superceded by the hashed version.

The main disadvantage I see in hashing the information is slightly
increased complexity in locating keys. That assumes the individual
would otherwise have a key containing his information unhashed. For
individuals whose UIDs would otherwise contain spurious or no
information, locating their key should become easier.

The search/research capability that you outlined would be reduced if
significant numbers of keys with only hashed UIDs came about, if
the organisations you are searching allow their people to use such

The impact on the WoT is unclear. One scenario is no change from the
current situation, where an individual who chooses not to reveal their
name and email address(es) in their UID has little chance of success
in finding people willing to provide certifications.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Yellow snow is not lemon flavoured


More information about the Gnupg-users mailing list