Why revoke a key?
Jan Janka
takethebus at gmx.de
Mon Oct 10 23:29:57 CEST 2011
-------- Original-Nachricht --------
> Datum: Sun, 09 Oct 2011 18:52:30 -0400
> Von: "Robert J. Hansen" <rjh at sixdemonbag.org>
> An: gnupg-users at gnupg.org
> Betreff: Re: Why revoke a key?
> > Let's say I have my private key on an USB stick and lose the
> > stick somewhere in public. The key is protected by the mantra. I'm
> > sure, nobody knows the mantra except me. Should I revoke the key
> > or could I keep on working with a copy of it?
>
> Depends on how strong the passphrase is. I've often said that I'm
> willing to publish my private key in the _New York Times_, if someone
> is willing to pay for it.
> With a strong passphrase, someone getting access to your private key
> is not a big deal so long as you can guarantee they will never get
> access to your passphrase.
How long would it take to execute a successful brute force attack on a pasphrase consisting of 12 symbols (symbols available on common keyboards)?
If the attacker only got the passphrase and not the private key, I can simply change the passphrase to be secure again. Right? So I'd say my key is compromised if I think an attacker got BOTH, the passphrase AND the key.
More information about the Gnupg-users
mailing list