tcmay@netcom.com tells us:

Much more likely:

* Diskettes left lying around. Secret keys on home computers.

* Incompletely erased files. (Norton Utilities can recover erased files; mil-grade multiple-pass erasure may be needed.)

A simple search warrant executed on your premises will usually crack open all your crypto secrets. (Fixes to this are left as an exercise.)

Where to store one's secret key is an issue that makes academic the issue of whether one's key can be compelled. A diskette stored at one's home, in one's briefcase, etc., can be gotten. A pendant or dongle or whatever that stores the key can also be gotten. The passphrase (8-12 characters, typically) is secure, but not the key.

--Tim May

If your passphrase is good (128+ bits of entropy), then your private key is as secure as the messages that you send. Although it need be broaken only once, I see no real danger of IDEA being compromised in the near future. Given a good passphrase, I would suggest that you want multiple coppies of your key to prevent loss or accidental destruction. My passphrase is > 30 characters. Fortunately Mac PGP remembers the key during any given session so typing is kept down a bit. -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki@nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche