secret key compromised?

Brian Minton minton@csc.smsu.edu
Sat Feb 17 17:39:00 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Feb 16, 2001 at 08:03:32PM -0500, Karol Pietrzak wrote:

> hello.
> i exported my secret key so i could import it into another
> computer (i wanted to sign / decrypt @ another computer).
> however, someone managed to get a copy of that exported key.
> should i be worried? a secret key isn't usable without the
> passphrase... and I have a pretty good one.
> what do you guys think?

I would go ahead and make a new one, and revoke the old one. This is because who knows if they don't know your passphrase from some other source. Of course, if they were that interested, they could probably get your secret key off of your computer without your knowledge or consent. If you have used a good passphrase that you are fairly sure would not be vulnerable to attacks by someone who may know a lot about you, as well as dictionary attacks, then you might be ok. If you generated your passphrase with something like diceware, and have a typical 5 or 6 word passphrase, you should be fine. On the gripping hand, if it is your phone number ... :-)

- -- 
Brian Minton minton@csc.smsu.edu
Caution: in case of rapture, this computer will be unoccupied!
PGP 0xE177AFF0 fingerprint AB94 E395 78CE 0967 2542 A7B3 178C 3E66 E177 AFF0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6jqLxp0PPDCS0QgIRAvYQAJ417LrMnZpwV13MnakIuGRrmp7O6ACdH0eF
lqfMpLimMXqx8uQ1Hk9WjnU=
=A2Oe
-----END PGP SIGNATURE-----
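
The comparison in the reply above (a 5 or 6 word diceware passphrase versus a phone number), worked through as an added example that is not part of the original message. It assumes the standard 7776-word Diceware list, a 10-digit phone number, and a hypothetical offline guess rate of 1e9 per second against the exported key file.

```python
import math

DICEWARE_WORDS = 7776            # 6**5: five dice rolls select one word
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SEC = 1e9    # assumption: offline attacker rate, not a measurement

def entropy_bits(pool_size, length):
    """Entropy when each of `length` symbols is drawn uniformly at random."""
    return length * math.log2(pool_size)

def average_years_to_crack(pool_size, length, rate=ASSUMED_GUESSES_PER_SEC):
    """Expected offline search time: half the keyspace at `rate` guesses/second."""
    return pool_size ** length / 2 / rate / SECONDS_PER_YEAR

def min_diceware_words(target_years, rate=ASSUMED_GUESSES_PER_SEC):
    """Smallest word count whose average search time reaches `target_years`."""
    words = 1
    while average_years_to_crack(DICEWARE_WORDS, words, rate) < target_years:
        words += 1
    return words

# (pool size, length) for the passphrase styles mentioned in the message.
# The phone number row is an upper bound: it treats the digits as random,
# which does not hold for an attacker who knows the key owner.
CANDIDATES = {
    "diceware, 5 words": (DICEWARE_WORDS, 5),
    "diceware, 6 words": (DICEWARE_WORDS, 6),
    "10-digit phone number": (10, 10),
}

def report():
    """Return (name, entropy in bits, average years to crack) per candidate."""
    return [
        (name, round(entropy_bits(pool, n), 1), average_years_to_crack(pool, n))
        for name, (pool, n) in CANDIDATES.items()
    ]

if __name__ == "__main__":
    for name, bits, years in report():
        print(f"{name:24s} {bits:5.1f} bits  ~{years:.3g} years on average")
    print("words needed for a 1,000,000-year average:", min_diceware_words(1e6))
```

Changing `ASSUMED_GUESSES_PER_SEC` shifts the absolute times but not the gap: each added diceware word multiplies the attacker's work by 7776.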