secret key compromised?
Sat Feb 17 15:04:10 2001
-----BEGIN PGP SIGNED MESSAGE-----
Karol Pietrzak, at 20:03 -0500 on Fri, 16 Feb 2001, wrote:
i exported my secret key so i could import it into another
computer (i wanted to sign / decrypt @ another computer).
however, someone managed to get a copy of that exported key.
should i be worried? a secret key isn't usable without the
passphrase... and I have a pretty good one.
This is exactly why you have a passphrase on your secret key. The more
you trust the notion that your passphrase is good, then the more you can
feel safe in the notion that your private key will not be compromised.
Of course, now change your password on your copy of your key you still
use, so that if your password is leaked out while using it somehow
(sniffer or something), it can't be retroactively applied to your old key.
If you change your password finding out the new password won't help
decrypt the compromised copy of your secret key.
Frank Tobin http://www.uiuc.edu/~ftobin/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/
-----END PGP SIGNATURE-----