what if they have my sec key?

Sven Radde email at sven-radde.de
Thu May 29 12:50:40 CEST 2008


Hi!

Ramon Loureiro wrote:
> Is it possible for these users to hack my secret key?
> If they have got it, can they use some kind of brute force system to 
> guess my pass phrase?
Yes. If they can read your private keyring, they can start to 
brute-force your passphrase.
You should make sure that 1) they cannot read the private key - separate 
user accounts with limited privileges is the key here and 2) your 
passphrase is secure enough to frustrate anybody trying to crack it.
However, be aware that those other users might also be able to exploit 
security holes in the system in order to install keyloggers or similar, 
eliminating the protection that your passphrase offers.
> What will be the best option in this scenario?
> Having the secret key on my USB drive?
Having the key on a USB drive is probably secure enough if you do not 
take into account malicious software on the system you want to use it on.
If you must assume that there could be keyloggers/etc. installed on 
the system (by other users or remote attackers), your best bet is 
probably the OpenPGP smartcard, which will keep your key safe.

NB that there are some "probably"s in my answer -- it all really depends 
on your threat model (i.e. how far are people willing to go to grab hold 
of your private key). It also depends on how you want to balance 
usability and security against each other.
In many cases, having the key in one's home directory unreadable by 
others could be good enough already. In other cases, even having a 
smartcard-reader with autonomous PIN-pad won't be secure.

HTH, Sven
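
An added example, not part of the message above and not GnuPG's own code: a Python check for point 1), that other accounts on the machine cannot read the private key. It assumes a Unix system and a GnuPG home directory at the default ~/.gnupg; the name audit_gnupg_home is made up for this illustration.

```python
import os
import stat
import sys

# Permission bits that give group members or other users any access.
OTHERS_MASK = stat.S_IRWXG | stat.S_IRWXO


def audit_gnupg_home(home, expected_uid=None):
    """Return sorted (path, problem) pairs for entries other accounts could reach."""
    if expected_uid is None:
        expected_uid = os.getuid()
    findings = []
    # Check the directory itself plus everything below it.
    paths = [home]
    for root, dirs, files in os.walk(home):
        paths.extend(os.path.join(root, name) for name in dirs + files)
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink: target is outside this audit"))
            continue
        if st.st_uid != expected_uid:
            findings.append((path, "owned by uid %d" % st.st_uid))
        extra = stat.S_IMODE(st.st_mode) & OTHERS_MASK
        if extra:
            findings.append((path, "group/other bits set: %03o" % extra))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: default GnuPG home unless a directory is given as argument.
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.gnupg")
    problems = audit_gnupg_home(target)
    for path, problem in problems:
        print("%s: %s" % (path, problem))
    sys.exit(1 if problems else 0)
```

A clean result covers file permissions and ownership only; it says nothing about the keylogger case described in the message.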


