Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 26 00:19:56 CET 2012 

Hi Vedaal--

i'm confused by your proposal.  some clarifying questions follow:

On 01/25/2012 04:31 PM, vedaal at nym.hush.com wrote:

> [1] The person who wants to create a new key, first generates a 
> symmetrically encrypted gnupg message, and decrypts it and gets the 
> session key.

This seems like it might just be an elaborate way to ask for a random
number, but i'm not sure what the intent is.  Is it just trying to get a
decent-sized chunk of randomness?  or is there another purpose?  if it's
just about randomness, rephrasing more simply might make this clearer.

> [2] Hash the [(preferred key name)+(seesion key)+(e-mail address)]

What is the "preferred key name" ?  are you expecting users to name
their keys?

> [3] Generate the key with the uid of 
> [(preferred key name)+(session key)+(e-mail address)]

What happened to the hash here?  are you suggesting that the User ID is
the digested form or the non-digested form?

> [4] Identify the key to the server by the hash.

OpenPGP certificates are handed to the keyserver as is; the keyserver
chooses how to index them.  What do you mean by "identify the key to the
server by the hash" ?

> These steps would defeat harvesting tools enumerating the low 
> entropy names and hash ranges.

I'm still not sure i follow.  Can you explain more?  How would these
keys be identified by a user searching for them?  How would third
parties verify the user ID before signing?

> Personally, I agree with David Shaw, that the problem can be 
> avoided by just generating a random UID (maybe a truncated session 
> key) and giving the fingerprint and UID to anyone who wants to look 
> it up on the keyserver, as well as the e-mail address separately to 
> whomever the user wants to correspond with.)

how does your proposal above compare to David Shaw's (seemingly simpler)
proposal, or to the proposal i outlined elsewhere in this thread?

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120125/cbb95278/attachment.pgp>

More information about the Gnupg-users mailing list