hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Sun Mar 20 03:52:33 CET 2011


On Sunday 13 March 2011 at 4:39:49 PM, in
<mid:4D7CF355.3050606 at adversary.org>, Ben McGinnes wrote:

> On 14/03/11 12:32 AM, MFPA wrote:
>> Fair enough but I believe a person's desire to
>> withhold their own personal information outranks
>> another person's desire to make use of that personal
>> information.

> That too is an understandable argument.  Especially
> when it comes to searching the keyservers, but less
> easy to maintain in relation to searches of a local
> keyring.

Whether on a keyserver or on your local keyring, I see little
difference. Keys that exist on local keyrings sooner or later tend to
end up on keyservers.

>> I would like hashing to be offered for the name and
>> then again for the email address, along with a
>> one-liner that obscuring the information in the UIDs
>> offered minimal protection as described in gpg.man and
>> made it harder for other users to locate and use the
>> key; if there's a default answer it should be "No".
>> Maybe others would feel it should be only in expert
>> mode, or perhaps enabled by a "hash-uid" option to the
>> "gen-key" command.

> I'd definitely say the default should be off and
> enabling it only via expert mode would probably be
> wise.

The first two or three times I looked at PGP and GnuPG, I found the
apparent requirement to include personal information in user IDs
repulsive and therefore moved on without any further study. A feature
such as this might have attracted me to study further and maybe adopt
sooner. Burying it in expert mode, and thereby branding it as
nonsensical or silly and for experts only, would have effectively
rendered it invisible to me.

> if you have a key that only has
> hashed UIDs of your real name and email address(es),
> would you wish to prevent signatures of your key from
> contacts who did not use the hashing function?

No, I would not wish to prevent them. Anyway, I'm not convinced that a
mechanism to enforce the keyserver-no-modify flag is possible. In the
absence of such a mechanism, wishing is about all you could do to
prevent such signatures.

> If the
> concern is preventing your personal information being
> revealed and someone who knows you, but is less
> concerned about this is willing to sign your key, would
> you attempt to stop them?

I would not seek to stop them, and if I did they might not listen.

A scheme such as this would allow the user, without publishing their
personal information, to publish a key that others could locate and
use. That is not the same thing as preventing their personal
information being revealed.

> After all, a relationship
> could be determined by their identity and if there were
> enough such signatures from people you know in real
> life, it may be possible to determine your identity
> that way.

Maybe inferred rather than determined. You could have gone to a
keysigning party and met a group of people who knew each other in real
life but you'd never seen any of them before. And working out who you
are in real life wouldn't necessarily reveal your email addresses or
any other identities you had in hashed user IDs. (You might have your
name unhashed and only be hashing your email addresses.)

> It seems that the only real strength the hashed UID has
> is if it is adopted by every user, regardless of
> whether they want it or not.


--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Look, it's a hat! It's not going to hurt you.

