Hi
On Saturday 12 March 2011 at 8:24:34 PM, in <mid:4d7bd682.2020...@sixdemonbag.org>, Robert J. Hansen wrote:

> On 3/12/2011 3:10 PM, MFPA wrote:
>> After generating the list of possible email addresses, why would a
>> spammer generate the hashes and search for keys instead of simply
>> blasting out messages to the whole lot?

> Beats me. You're the one who's assuming someone wants
> to harvest email addresses.

A desire to not publish my email addresses (but still have somebody who knows any of my addresses find my key on a server) does not equate to an assumption that somebody wants to harvest email addresses from servers. If such an assumption was stated it wasn't by me. (-:

> Imagining a spammer behind
> it is just part of a thought exercise.

Fair enough. It just seemed difficult to imagine what would be the return on their effort.

> Focus on the
> real issue -- that this scheme you're proposing is not
> secure against an even mildly motivated attacker -- not
> who the prospective attacker is.

Fair enough, I underestimated quite how easy a brute force attack could be. Longer email addresses at less-obvious domain names make it just that little bit harder but that is not really the point, IMHO.

Since anybody can add a certification to the key saying whatever they choose, somebody else could make public one or more of the hashed email addresses or identities. No major problem, just add a new one.

It is not about providing complete confidentiality, anonymity or security. Instead of leaving a document open on the desk, this scheme is more akin to putting it in the drawer or cupboard than it is to putting it in the safe. Not secure but good enough in many circumstances.
--
Best regards

MFPA mailto:expires2...@ymail.com

You can't build a reputation on what you are going to do

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users