Key Security Question
My computer went into the shop a few days ago, and I was unable to take my PGP keys off it before it went in. What are the security risks here? If the repairman chooses to snoop through the files, what would he be able to do with my key pair? Will I need to revoke the key and make a new one, or will I be relatively safe since he doesn't have my passphrase? Zach Babayco zachb@netcom.com <-------finger for PGP public key If you need to know how to set up a mail filter or defend against emailbombs, send me a message with the words "get helpfile" (without the " marks) in the SUBJECT: header, *NOT THE BODY OF THE MESSAGE!* I have several useful FAQs and documents available.
Z.B. wrote:
My computer went into the shop a few days ago, and I was unable to take my PGP keys off it before it went in. What are the security risks here? If the repairman chooses to snoop through the files, what would he be able to do with my key pair? Will I need to revoke the key and make a new one, or will I be relatively safe since he doesn't have my passphrase?
If the repairman has your pubring and secring files, you can now consider them in the same light as a 'busted flush'. Chances are, he has neither the capability nor the interest in popping open your deep, dark secrets. On the other hand, if he returns your computer with a 'shit-eating grin', you may be in for a world-of-hurt. My advice would be for you to check your 'paranoia level' and, if you are a quart low, then read Phil Zimmerman's PGP documentation once again, and make your decision based on the reality of the possibilities involved. Toto
"Z.B." <zachb@netcom.com> writes:
My computer went into the shop a few days ago, and I was unable to take my PGP keys off it before it went in. What are the security risks here? If the repairman chooses to snoop through the files, what would he be able to do with my key pair? Will I need to revoke the key and make a new one, or will I be relatively safe since he doesn't have my passphrase?
If the keys were protected with a passphrase, then it's unlikely that someone with access to the disk can use them without the passphrase. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
participants (3)
-
dlv@bwalk.dm.com -
Toto -
Z.B.