On Mar 21, 2011, at 12:13 PM, Jerome Baum wrote:

> Hauke Laging <mailinglis...@hauke-laging.de> writes:
> 
>> You know that. And the archive of this mailinglist now knows that you have 
>> once claimed to do that. So one may assume that the only recipient is you 
>> but 
>> that is not a strong technical conclusion from the message itself.
> 
> When I throw-keyids,  what's actually left over? Would  there be any way
> to match the keys from several messages, besides key size and type? Also
> if one (size, type) appears in all messages, I'd say the conclusion that
> I'm using encrypt-to-self is pretty safe.

In addition to the size and type information, there is also an interesting 
attack that can be done against speculative key IDs.  It doesn't (directly) 
help a third party know who the recipients are, but it does let any recipient 
try to confirm a guess as to who another recipient might be.

Let's say you encrypt a message to Alice and Baker and hide the key IDs.  Alice 
gets the message and knows there is one other recipient aside from herself.  
She considers who the message came from and what the message was about and 
makes an educated guess that the other recipient is Baker.  To confirm her 
guess, all Alice needs to do send a specially rigged speculative key ID message 
to Baker.  If Baker responds, then Alice knows he was the other recipient.

Throw-keyids has some good usages (posting a message for pickup in a public 
place, for example), but it's just a tool.  It's important not to rely solely 
on it.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to