Re: Security of PGP if Secret Key Available?

On Jun 3, 2:36, "Robert A. Hayden" wrote:
> However, I got to wondering about the security of PGP assuming somebody trying to read my PGPed stuff has my 1024-bit secret key. i.e., if I have it on my personal computer, and somebody gets my secret key, how much less robust has PGP just become, and what are appropriate and reasonable steps to take to protect this weakness?

If someone else has your secret key, it's safe to assume you're toast. ;) Better a new key and revocation certificate before the forgeries start (or before someone ELSE does before you ... <shudder>).

More specifically, if you've failed to assign a passphrase to your secret key, you ARE toast, because anyone can just pick it up and use it. If you did use a passphrase, it becomes a question of breaking either the passphrase, or the IDEA algorithm used to encrypt your secret key. It's usually a lot easier to break the passphrase than it is to brute force IDEA.

See the PGP Passphrase FAQ (http://www.stack.urc.tue.nl/~galactus/remailers/passphrase-faq.html) and Arnold Reinhold's page (http://world.std.com/~reinhold/papers.html) for more details.

-H

Participants (1): Henry Huang