Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] privacy with pgp keys



On 09/10/2015 04:23 PM, Mayuresh Rajwadkar wrote:
> hi
> 
> http://pgp.mit.edu/pks/lookup?search=b5d1f0f4&op=index
> 
> That uploaded key as a MD5 and SHA224 of the ID aka email...
> One can verify that the email and fingerprint I provide will match up to
> those hashes..
> Its not entirely impossible...

If I understand you properly, when somebody wants to communicate with
you, you would tell them something like:

> Take my name and email address, and run the following commands:
> $ UID='NAME <EMAIL>'
> $ echo -n $UID | md5sum
> $ gpg --search-keys `echo -n $UID | sha224sum | sed -e 's/ .*//'`
>
> Check the MD5 sums are the same, and make a note of the UUID, so you
> can use it whenever you want to encrypt something (or put it in your
> enigmail rules)

At that point, why not simply use something like minilock
(https://minilock.io/), where you just publish a 46-character public key?

> I do appreciate Derek's concern...
> 
> In my example I have used a UUID, which is the ultimate but one can use a
> FirstName/LastName
> which can be a little bit liberal, than providing an email address,
> embedding a thumb-print jpeg, or
> a IRIS-scan jpeg, or providing some kind of  DNA fingerprint/sequence would
> be kind a overly  liberal  ? than
> just an email address, which is also possible... if privacy is no
> concern...

This honestly just sounds ill suited to PGP. Given that PGP isn't very
popular, and is already inconvenient to learn and use, I'm not sure that
augmenting it with an extra layer of work for anybody wishing to
communicate with you is really compelling. Avoiding spam seems like a
losing proposition, no matter what.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org