...

...

On the other hand, if the "repairman" replaced your pgp executable with version 2.6.3kgb, which uses your hashed passphrase as the session key, you're hosed. Or if he installed a keystroke sniffer, or added a small radio transmitter to your keyboard, or whatever. Depends on your threat model. If you need to be paranoid, they've already gotten you....

If you're really paranoid, you can boot from a clean floppy and reinstall everything from your backup tapes. You do have a contingency plan in case your hard disk goes bad, or gets a virus, don't you? Well, if you're in doubt, exercise it.

Face it, the only solution is to wrap your computer, cat, family, car and yourself in aluminium foil and burn your hard disk whilst chanting "yamma yamma yamma yaaaaamaa" Datacomms Technologies web authoring and data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey"