secret key compromised?

Frank Tobin
Sat Feb 17 15:04:10 2001

Hash: SHA1

Karol Pietrzak, at 20:03 -0500 on Fri, 16 Feb 2001, wrote:

    i exported my secret key so i could import it into another
    computer (i wanted to sign / decrypt @ another computer).
    however, someone managed to get a copy of that exported key.
    should i be worried?  a secret key isn't usable without the
    passphrase... and I have a pretty good one.

This is exactly why you have a passphrase on your secret key.  The more
you trust the notion that your passphrase is good, then the more you can
feel safe in the notion that your private key will not be compromised.

Of course, now change your password on your copy of your key you still
use, so that if your password is leaked out while using it somehow
(sniffer or something), it can't be retroactively applied to your old key.
If you change your password finding out the new password won't help
decrypt the compromised copy of your secret key.

- -- 
Frank Tobin
Version: GnuPG v1.0.4 (FreeBSD)
Comment: pgpenvelope 2.9.0 -