hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Sun Mar 13 17:39:49 CET 2011

On 14/03/11 12:32 AM, MFPA wrote:
> On Sunday 13 March 2011 at 5:48:55 AM, in
> <mid:4D7C5AC7.70903 at adversary.org>, Ben McGinnes wrote:
> I'm assuming a short descriptive paragraph in the gpg.man file plus
> some good info becoming available over time in various "start up
> guides" etc. by searching the web or mailing list archives or asking
> on mailing lists, as with other GnuPG features. It doesn't matter if
> people learn after the key is created because additional UIDs
> containing extra hashes can be added later.

Don't depend on the mailing lists, we're a very small subset of GPG
users.  All relevant documentation will need to be included for those
users where connectivity to the Internet is sporadic at best.

>> As much as I find your idea interesting, I think I'd rather have
>> the ability to search on sections of a UID.
> Fair enough but I believe a person's desire to withhold their own
> personal information outranks another person's desire to make use of
> that personal information.

That too is an understandable argument.  Especially when it comes to
searching the keyservers, but less easy to maintain in relation to
searches of a local keyring (as I discussed in my other message).

>> If your hashed UID were an optional feature that were not enabled
>> by default, I doubt I would object,
> I would like hashing to be offered for the name and then again for
> the email address, along with a one-liner that obscuring the
> information in the UIDs offered minimal protection as described in
> gpg.man and made it harder for other users to locate and use the
> key; if there's a default answer it should be "No". Maybe others
> would feel it should be only in expert mode, or perhaps enabled by a
> "hash-uid" option to the "gen-key" command.

I'd definitely say the default should be off and enabling it only via
expert mode would probably be wise.

> The main disadvantage I see in hashing the information is slightly
> increased complexity in locating keys. That assumes the individual
> would otherwise have a key containing his information unhashed. For
> individuals whose UIDs would otherwise contain spurious or no
> information, locating their key should become easier.

That appears to be the case.  Certainly for individuals like yourself
I can see the appeal.

> The search/research capability that you outlined would be reduced if
> significant numbers of keys with only hashed UIDs came about,

Yes.  Although to be honest, even if this feature were added, I don't
see it becoming very popular.

> if the organisations you are searching allow their people to use
> such UIDs.

That would require an OpenPGP policy being adopted which is not
exactly common with most organisations.

> The impact on the WoT is unclear. One scenario is no change from the
> current situation, where an individual who chooses not to reveal
> their name and email address(es) in their UID has little chance of
> success in finding people willing to provide certifications.

I doubt there would be much change, although it does raise another
question: if you have a key that only has hashed UIDs of your real
name and email address(es), would you wish to prevent signatures of
your key from contacts who did not use the hashing function?  If the
concern is preventing your personal information being revealed and
someone who knows you, but is less concerned about this, is willing to
sign your key, would you attempt to stop them?  After all, a
relationship could be determined by their identity and if there were
enough such signatures from people you know in real life, it may be
possible to determine your identity that way.

It seems that the only real strength the hashed UID has is if it is
adopted by every user, regardless of whether they want it or not.

Anyway, the more we discuss this, the less likely it appears that it
will be added to either GnuPG or any of the commercial PGP products,
let alone the RFCs.

Still, the advantage of GnuPG is that it is released under the GPL
(version 3, last time I checked), so there's nothing stopping you from
creating your own fork to add the feature.  If it became popular
through practical example then the chances of the feature being
incorporated in the main release would be vastly increased.
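
Added example, not part of the original message and not GnuPG code: a sketch of how lookup would behave on a local keyring holding hashed UIDs, showing that an exact-match search by a known address still works while the "search on sections of a UID" discussed above does not. The `sha256:` field encoding, the normalisation rule, the function names and the keyring entries are all assumptions constructed for illustration; the thread does not define a format.

```python
import hashlib

PREFIX = "sha256:"  # hypothetical marker for a hashed UID field (assumption)

def hash_field(value: str) -> str:
    """Hash a name or email after normalising case and whitespace."""
    norm = " ".join(value.strip().lower().split())
    return PREFIX + hashlib.sha256(norm.encode("utf-8")).hexdigest()

def uid_matches_email(uid_email: str, query: str) -> bool:
    """Exact match of a query address against a plain or hashed email field."""
    if uid_email.startswith(PREFIX):
        # The searcher must already know the full address and hash it.
        # Anyone who can guess the address can confirm it the same way,
        # so the hash hides the value only from people who cannot guess it.
        return uid_email == hash_field(query)
    return uid_email.strip().lower() == query.strip().lower()

def find_by_email(keyring, query):
    """Key IDs with any UID whose email field equals the query."""
    return [k["keyid"] for k in keyring
            if any(uid_matches_email(e, query) for _, e in k["uids"])]

def find_by_substring(keyring, fragment):
    """Partial search over UID text; it can only ever hit unhashed fields."""
    frag = fragment.lower()
    return [k["keyid"] for k in keyring
            if any(frag in n.lower() or frag in e.lower() for n, e in k["uids"])]

# Constructed sample keyring: one plain UID, one hashed UID, and one key
# that had a second hashed UID added after creation.
KEYRING = [
    {"keyid": "0xAAAA0001", "uids": [("Alice Example", "alice@example.org")]},
    {"keyid": "0xBBBB0002", "uids": [(hash_field("Bob Example"),
                                      hash_field("bob@example.org"))]},
    {"keyid": "0xCCCC0003", "uids": [(hash_field("Carol Example"),
                                      hash_field("carol@example.org")),
                                     (hash_field("Carol Example"),
                                      hash_field("carol@work.example"))]},
]

if __name__ == "__main__":
    print(find_by_email(KEYRING, "Bob@Example.org "))  # exact lookup, hashed UID
    print(find_by_substring(KEYRING, "example.org"))   # partial search
```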

