Unlabelled PGP messages
Yanek Martinson
yanek at novavax.nova.edu
Mon Nov 30 17:41:25 PST 1992
[talks about posting anonymous messages that only recipient can decrypt]
> like a 4-bit checksum of the PGP key or the key length as a label
> - it's not enough to identify which key it is, but it's enough
> to cut down on your decryption by a factor of 16.
> A longer checksum is too revealing - even 8 bits identifies
> 1/256th of the crypto community, which isn't very anonymous.
Why not generate a key just for this conversation, and then post a full
128-bit (22 base64 characters) hash in the subject.
You can even have a key for each message if the conconversation is two-way
then whenever you are about to send a message you can generate a new key
pair and include the new public key with your message.
As soon as you receive and decrypt the message for that key, destroy the
private key.
More information about the cypherpunks-legacy
mailing list