[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Unlabelled PGP messages
[talks about posting anonymous messages that only recipient can decrypt]
> like a 4-bit checksum of the PGP key or the key length as a label
> - it's not enough to identify which key it is, but it's enough
> to cut down on your decryption by a factor of 16.
> A longer checksum is too revealing - even 8 bits identifies
> 1/256th of the crypto community, which isn't very anonymous.
Why not generate a key just for this conversation, and then post a full
128-bit (22 base64 characters) hash in the subject.
You can even have a key for each message if the conconversation is two-way
then whenever you are about to send a message you can generate a new key
pair and include the new public key with your message.
As soon as you receive and decrypt the message for that key, destroy the