secret key compromised?
Brian Minton
minton@csc.smsu.edu
Sat Feb 17 17:39:00 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, Feb 16, 2001 at 08:03:32PM -0500, Karol Pietrzak wrote:
> hello.
> i exported my secret key so i could import it into another
> computer (i wanted to sign / decrypt @ another computer).
> however, someone managed to get a copy of that exported key.
> should i be worried? a secret key isn't usable without the
> passphrase... and I have a pretty good one.
> what do you guys think?
I would go ahead and make a new one, and revoke the old one. This is because
who knows if they don't know your passphrase from some other source. Of
course, if they were that interested, they could probably get your secret key
off of your computer without your knowledge or consent. If you have used a
good passphrase that you are fairly sure would not be vulnerable to attacks by
someone who may know a lot about you, as well as dictionary attacks, then you
might be ok. If you generated your passphrase with something like diceware,
and have a typical 5 or 6 word passphrase, you should be fine. On the
gripping hand, if it is your phone number ... :-)
- --
Brian Minton
minton@csc.smsu.edu
Caution: in case of rapture, this computer will be unoccupied!
PGP 0xE177AFF0 fingerprint AB94 E395 78CE 0967 2542 A7B3 178C 3E66 E177 AFF0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6jqLxp0PPDCS0QgIRAvYQAJ417LrMnZpwV13MnakIuGRrmp7O6ACdH0eF
lqfMpLimMXqx8uQ1Hk9WjnU=
=A2Oe
-----END PGP SIGNATURE-----
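
The comparison in the reply above (a 5 or 6 word diceware passphrase versus a phone number) can be put in numbers once the exported key file is in someone else's hands and guesses can be made offline. This is an added example, not part of the original message; the guess rate `ASSUMED_GUESSES_PER_SECOND` is an assumption chosen for illustration, and the real rate depends on the key's passphrase-hashing settings and the attacker's hardware.

```python
import math
import secrets

DICEWARE_WORDS = 6 ** 5            # 7776 entries: one word per five-dice roll
ASSUMED_GUESSES_PER_SECOND = 1e9   # assumption, not a measured figure
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def roll_word_indices(n_words):
    """Return n_words five-digit dice strings (digits 1-6) drawn from the OS
    CSPRNG; each string is looked up in a diceware word list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(n_words)]


def keyspace(choices, length):
    """Number of equally likely secrets: `length` uniform picks from `choices`."""
    return choices ** length


def entropy_bits(space):
    """Entropy in bits of a uniformly chosen secret from `space` possibilities."""
    return math.log2(space)


def expected_offline_seconds(space, guesses_per_second):
    """Expected time to hit the secret: on average half the space is tried."""
    return (space / 2) / guesses_per_second


def compare():
    """Return {label: (bits, expected_years)} for the cases named in the reply."""
    cases = {
        "10-digit phone number": keyspace(10, 10),
        "5-word diceware": keyspace(DICEWARE_WORDS, 5),
        "6-word diceware": keyspace(DICEWARE_WORDS, 6),
    }
    return {
        label: (entropy_bits(space),
                expected_offline_seconds(space, ASSUMED_GUESSES_PER_SECOND)
                / SECONDS_PER_YEAR)
        for label, space in cases.items()
    }


if __name__ == "__main__":
    for label, (bits, years) in compare().items():
        print(f"{label:24s} {bits:5.1f} bits  ~{years:.3g} years at assumed rate")
    print("fresh 6-word rolls:", " ".join(roll_word_indices(6)))
```

These figures only hold when the passphrase was chosen uniformly at random; a phone number known to someone who knows the owner has far less than the 33 bits shown.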