-----BEGIN PGP SIGNED MESSAGE----- At 02.36 AM 6/3/96 -0500, Robert A. Hayden wrote:
-----BEGIN PGP SIGNED MESSAGE-----
About once a week we get some lame-o flame bait posted to alt.security.pgp or this mailing list or somewhere abotu some hole in PGP. We further say with fairly good reliability that they are bogus, get a light chuckle, and then go back to dealing with the real issues.
However, I got to wondering about the security of PGP assuming somebody trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have it on my personal computer, and somebody gets my secret key, how much less robust has PGP just become, and what are appropriate and reasonable steps to take to protect this weakness?
Thanks
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP Signed with PineSign 2.2
iQCVAwUBMbJ5xTokqlyVGmCFAQGcAgQAvjFdZ+YLdQGxDHcT+GOwP82BSwiTYlaQ F9RV8L+radCK/SyeLnEtoodkKVqpcsItIQ/JJ44FOAmnsBLljuWqbhZMl8G8+uCB pcpkXpre83CwoM6qDKkCEyqCiMxq857ioCoqb+WRNJYbb++muVBDHADVzGoGOjLg cvIMxnnXF3c= =tnTb -----END PGP SIGNATURE-----
Once your secret key has been compromised, then all that prevents a Bad Guy from reading your message is your secret key passphrase. (I believe that, aside from grabbing keystrokes a la TEMPEST, the only way to get this passphrase is by brute-forcing it, or maybe searching your house for the little piece of paper that you may have written it on.) I have seen equations which claim to compute the security of your passphrase and also passphrase generators - I don't know if either are any good, though. - ------------------------------------------------------------------------------- David Rosoff (nihongo o chiisaku dekimasu) drosoff@arc.unm.edu For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers pub 1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu> Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 I accept anonymous mail. If I didn't sign it, you don't know I wrote it. - --- "Made weak by time and fate, but strong in will / To strive, to seek, to find-- and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbTCmBguzHDTdpL5AQEH4gP/TT3myaSislU3En4xwaB2cWmYhCItlhL/ nhLZM4uxOHv87zsHjYIBrHEHxVHnYOaH/Kd7zSRPRB0ArTDIMP/ZtYISMUNhfSd2 bX+LNdASX9rbiD1Vfcvb/vw6nKlfvdz2WoeeTE/yqSeHjnE7+izEX4Xi/9mHB4s/ N9DDK16kgi4= =snQo -----END PGP SIGNATURE-----