Bill Stewart <stewarts@ix.netcom.com> writes:
My computer went into the shop a few days ago, and I was unable to take my PGP keys off it before it went in. What are the security risks here? If the repairman chooses to snoop through the files, what would he be able to do with my key pair? Will I need to revoke the key and make a new one, or will I be relatively safe since he doesn't have my passphrase?
Passphrases are MD5-hashed into 128-bit IDEA keys and used to encrypt the secret key; there's a "pgpcrack" program out there that does dictionary-style searches to find if you've got wimpy passphrases. So if your passphrases is "secret", you lose, but if it's "fjhw;doifvjuc-[09efiu v` 2 4rnhc;ljoipcvjpoiewujfgv;loik" you're probably pretty safe, unless that's written on the yellow sticky you left on the side of the PC.
On the other hand, if the "repairman" replaced your pgp executable with version 2.6.3kgb, which uses your hashed passphrase as the session key, you're hosed. Or if he installed a keystroke sniffer, or added a small radio transmitter to your keyboard, or whatever. Depends on your threat model. If you need to be paranoid, they've already gotten you....
If you're really paranoid, you can boot from a clean floppy and reinstall everything from your backup tapes. You do have a contingency plan in case your hard disk goes bad, or gets a virus, don't you? Well, if you're in doubt, exercise it. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps