what if they have my sec key?

Faramir faramir.cl at gmail.com
Thu May 29 14:02:20 CEST 2008



Ramon Loureiro wrote:
> Hi!
> 
> I'm using different PCs at work for sending email (and other things, of
> course...)
> They are shared with 3 more users.
> 
> Is it possible for these users to hack my secret key?
> If they have got it, can they use some kind of brute force system to
> guess my pass phrase?
> 
> What will be the best option in this scenario?
> Having the secret key on my USB drive?
> ?

  There is a tutorial somewhere, "keeping your private key safe", that
says you can carry just a couple of subkeys, and use them to
sign/encrypt/decrypt messages... and if something bad happens, you just
need to revoke the subkeys and generate new subkeys using your primary
secret key (which you would keep in a safe place, like your home
computer, or in a USB stick hidden under your dog's feeding bowl (use a
titanium-covered USB stick, in case the dog is hungry)). The good part
is you would never lose your primary key, so you don't have to gather
signatures again. But you won't be able to sign other people's keys at
work, just at home. Also, if your subkeys are stolen -or you think they
could have been compromised- on a daily basis... you would be
collecting a pair of revoked subkeys each and every day... so maybe a
combination would be good... carry the subkeys in the USB stick, so if
you lose it, you just lose the subkeys, and the files wouldn't be
available at your office when you are not there... so it should be
harder to steal them...

  And of course, use a passphrase that is not in any dictionary...
brute force takes a lot of time, but dictionary attacks are pretty
fast... think about something that would make the thief curse aloud
and in several languages (lol). The passphrase on your home computer
doesn't need to be the same as the one on the USB stick...
