hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Sun Mar 20 19:31:49 CET 2011


On 20/03/11 1:52 PM, MFPA wrote:
> On Sunday 13 March 2011 at 4:39:49 PM, in
> <mid:4D7CF355.3050606 at adversary.org>, Ben McGinnes wrote:
>>
>> That too is an understandable argument.  Especially when it comes
>> to searching the keyservers, but less easy to maintain in relation
>> to searches of a local keyring
> 
> Whether on a keyserver or on your local keyring, I see little
> difference.

Which just shows how your use differs with that of others.  I have a
number of keys on my keyring and when I list them I like to see which
key belongs to which identity/account (I don't care if it's a real
name or not, just as long as I can see something that makes sense to
me).  Hashed IDs, depending on how common they became, would make this
and key management difficult.

> Keys that exist on local keyrings sooner or later tend to end up on
> keyservers.

True.

> The first two or three times I looked at PGP and GnuPG, I found the
> apparent requirement to include personal information in user IDs
> repulsive and therefore moved on without any further study. A
> feature such as this might have attracted me to study further and
> maybe adopt sooner.

No offence, but I think this is more a lack of imagination.  I think
my second key ever used a pseudonym with no email address or comment
and it was made the same day as my first one.

> Burying it in expert mode, and thereby branding it as nonsensical or
> silly and for experts only, would have effectively rendered it
> invisible to me.

Perhaps.  As long as it is not a default option and it is well and
truly clear what limited privacy options it provides.  It would be too
easy for people just discovering it to believe that it provides
greater security than it really does.

> A scheme such as this would allow the user, without publishing their
> personal information, to publish a key that others could locate and
> use. That is not the same thing as preventing their personal
> information being revealed.

True, but if the aim is not publishing personal information in the
clear, then other means of revealing that same information make this
"protection" little more than an annoyance to others.

>> After all, a relationship could be determined by their identity and
>> if there were enough such signatures from people you know in real
>> life, it may be possible to determine your identity that way.
> 
> Maybe inferred rather than determined.

Perhaps inferred is better, at least at first.

> You could have gone to a keysigning party and met a group of people
> who knew each other in real life but you'd never seen any of them
> before.

True.

> And working out who you are in real life wouldn't necessarily reveal
> your email addresses or any other identities you had in hashed user
> IDs.

Okay.

> (You might have your name unhashed and only be hashing your email
> addresses.)

Alright, I can see how some might find that useful.

>> It seems that the only real strength the hashed UID has is if it is
>> adopted by every user, regardless of whether they want it or not.
> 
> Why?

If all the UIDs were hashed then it would be considerably more
difficult to determine the identity of one of them, even if they had
signed each others' keys than if only one person had their name and
addresses hashed.


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110321/bdf56135/attachment.pgp>


More information about the Gnupg-users mailing list