Import of key from PGP secret keyring

disastry@saiknes.lv disastry@saiknes.lv
Fri Feb 22 09:24:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Lapo Luchini lapo@lapo.it wrote:
> The imported is protected frmo key indeed... but not the actual key, but
> the key with which i created the PGP key!!!
> 
> Some years ago I thought that key to be too much insecure and I changed
> pwd of my secret key with a new, longer, key... and
> when I found out that the imported GPG key actually used the *old* key
> my mouth hanged open... this means that, while PGP
> asks me for the new password, all my secret key can be obtained using
> only my old (and less secure) password...

probably you imported from keyring backup or something..

after changing pasphrase, don't forget that if you have key
backup(s) (and you should have) they are still protected with old
pasphrase, so you may want to destroy old backup(s) and create
new one(s).

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPHXiHjBaTVEuJQxkEQORJACfTsUSugm2QlkxjTJd+BCXXKDYx5YAn3Mg
WcYzlNaUZA2mcvnL6nSzo+Pc
=L1nj
-----END PGP SIGNATURE-----