Import of key from PGP secret keyring

Lapo Luchini lapo@lapo.it
Thu Feb 21 11:32:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As the tutorial said version 1.0.6 correctly support importing keys
protected by password... but it's happened something I
think is *very bad*.

The imported is protected frmo key indeed... but not the actual key, but
the key with which i created the PGP key!!!

Some years ago I thought that key to be too much insecure and I changed
pwd of my secret key with a new, longer, key... and
when I found out that the imported GPG key actually used the *old* key
my mouth hanged open... this means that, while PGP
asks me for the new password, all my secret key can be obtained using
only my old (and less secure) password...

Is that normal? I think not... 0_o

(please CC me as I'm not subscribed)

- --
Lapo 'Raist' Luchini
lapo@lapo.it (PGP & X.509 keys available)
http://www.lapo.it (ICQ UIN: 529796)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjx0x58ACgkQaJiCLMjyUvsr+QCfeUVuj9SOUia9neybqzGEoYbt
JiMAn0sdWBMA9iPtnYrR5TcodbPPneY0
=rrKp
-----END PGP SIGNATURE-----