Security of Exchanging Anonymous Hex IDs

 Top  Previous  Next

MPGP uses anonymous keys to facilitate the sharing of information between people that have not already exchanged permanent public keys through another medium.

 

As described earlier, the exchange of anonymous public keys is theoretically vulnerable to a man-in-the-middle attack where the owner of an irc server or some else who is capable of intercepting and dynamically modifying your conversations in real time, could stand between you and the person you are talking to and in effect pretend to each of you to be the other, and do some encrypting and decrypting on the fly in order to make you each think you are talking to the other, when you are really talking through this intermediary spy.

 

If you are going to have repeated conversations with someone, it is probably worth the effort to find a way to exchange non-anonymous public keys, either through a public free forum, or through email.

 

A note about automatically exchanging Anonymous Hex IDs:

 

When you send a message to another person's anonymous key, MPGP performs an initial check to see if you already have their anonymous public key on file.  It does this by asking the other person for the Hex ID of their anonymous public key.  This is a 64bit number which does not tell you anything about them - it is only useful for determining if you already have their anonymous key on file.

 

If you do already have the key on file, it saves you about 2k of downloading. If you don't, you must first request their public key before you can send them your message.

 

Note that from the options dialog you can configure how you want to deal with requests for your anonymous Hex ID and/or anonymous public key, in order to prevent people from acquiring it (even though this is considered not a risk) if you are really paranoid.

 

NOTE: There is one specific occasion where you might be concerned about exchanging anonymous hex ids.   If you have secure conversations with the same person, while pretending to be different people (but using the same mpgp installations), the person you are talking to could be alerted to the fact that they are talking  to the same person, because both of your irc identities would return the same public key hex ids.  You can avoid this scenario by using separate mirc installations for your different identities, with separate mpgp installations in each.  Or by frequently regenerating new anonymous keys, or by setting the options dialog to deny requests for your anonymous hex id by default.