
Re: Key Security Question



Alan Olsen writes:
> At 10:41 AM 1/31/97 -0800, Z.B. wrote:
> >My computer went into the shop a few days ago, and I was unable to take
> >my PGP keys off it before it went in.  What are the security risks here?
> >If the repairman chooses to snoop through the files, what would he be
> >able to do with my key pair?  Will I need to revoke the key and make a
> >new one, or will I be relatively safe since he doesn't have my
> >passphrase?
> 
> Depends on how guessable your passphrase is.  If you use something that would
> fall to a dictionary attack, then you are vulnerable.  (Providing that they
> actually looked for your keyring and made a copy.)
> 
> If you had nyms on your keyring, then those nyms can be associated with your
> "true name" with no passphrase required.  (Unless you keep your keyring
> encrypted. Private Idaho supports encrypted keyrings, but little else does.)

Other attacks would be installing a keyboard sniffer, replacing your
PGP binary with a trojan that records your passphrase, etc.
This sort of stuff is quite possible but not likely.  Yet.
 
> If you are really concerned about it, you could learn to do your own computer
> repairs.

Or put your PGP keys on removable media.

-- 
Eric Murray  [email protected]  [email protected]  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF