Paul Foley wrote:

On Fri, 31 Jan 1997 17:51:47 -0800, Toto wrote:

...

If the repairman has your pubring and secring files, you can now consider them in the same light as a 'busted flush'.

The secret key is encrypted using the same IDEA algorithm that PGP uses to encrypt your files. If you trust IDEA, your key is as safe as your passphrase (not at all if you have no passphrase, not much if it's easily guessable, etc.)

Send me your secring file. I have a new password-buster I'd like to try out on it.

If your computer repairman has the capability to crack strong 128-bit ciphers, I'd be rather worried :-)

He doesn't have to crack the cipher, he only needs to find the password.

On the other hand, there's always the possibility of your passphrase being on the disk, say in a swap file, somewhere. Same goes for plaintext of any encrypted files/messages. I doubt anyone's gonna go hunting through your swap file, "empty" sectors, etc., looking for it, though, unless you've done something to really piss him off lately :-)

Or if he's a member of the CypherPunks list, read the message, and now considers it to be a personal challenge. Toto