
Re: Unlabelled PGP messages

[talks about posting anonymous messages that only recipient can decrypt]

> 	like a 4-bit checksum of the PGP key or the key length as a label 
> 	- it's not enough to identify which key it is, but it's enough
> 	to cut down on your decryption by a factor of 16.
> 	A longer checksum is too revealing - even 8 bits identifies 
> 	1/256th of the crypto community, which isn't very anonymous.

Why not generate a key just for this conversation, and then post a full
128-bit (22 base64 characters) hash in the subject?

You can even have a key for each message: if the conversation is two-way,
then whenever you are about to send a message you can generate a new key
pair and include the new public key with your message.

As soon as you receive and decrypt the message for that key, destroy the
private key.
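
The scheme described in the message above, as an added example that is not part of the original post: a 128-bit label derived from a throwaway public key, and a recipient who picks messages out of a public pool by subject alone and drops each private key after one use. Assumptions: truncated SHA-256 stands in for the unspecified 128-bit hash, random bytes stand in for real PGP key pairs, and the names `subject_label`, `OneTimeKeyring` and `scan_pool` are hypothetical.

```python
import base64
import hashlib
import os


def subject_label(public_key: bytes) -> str:
    """128-bit label: 16 hash bytes encode to 24 base64 chars, 22 without padding."""
    digest = hashlib.sha256(public_key).digest()[:16]  # assumption: truncated SHA-256
    return base64.b64encode(digest).decode("ascii").rstrip("=")


class OneTimeKeyring:
    """Maps subject labels to private keys that are used once and then dropped."""

    def __init__(self):
        self._pending = {}

    def new_key(self) -> bytes:
        # Constructed stand-in: random bytes in place of a real PGP key pair.
        private, public = os.urandom(32), os.urandom(32)
        self._pending[subject_label(public)] = private
        return public  # sent to the correspondent inside the previous message

    def claim(self, subject: str):
        """Return the private key for a matching subject and remove the keyring's
        copy; return None when the subject is not one of ours."""
        return self._pending.pop(subject, None)


def scan_pool(keyring: OneTimeKeyring, pool):
    """Select our messages by label only, with no trial decryption of the rest."""
    mine = []
    for subject, body in pool:
        private = keyring.claim(subject)
        if private is not None:
            mine.append((body, private))  # caller decrypts, then discards private
    return mine


if __name__ == "__main__":
    ring = OneTimeKeyring()
    label = subject_label(ring.new_key())
    # Constructed pool: one message for someone else, one addressed to our key.
    pool = [(subject_label(os.urandom(32)), b"not ours"), (label, b"ciphertext")]
    print(label, len(label), [body for body, _ in scan_pool(ring, pool)])
```

Removing the dictionary entry only drops the keyring's reference; a real implementation would also have to wipe the key material from memory and disk.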