From: Toto <toto@sk.sympatico.ca>
Date: Fri, 31 Jan 1997 18:01:30 -0800 (PST)
To: "Z.B." <zachb@netcom.com>
Subject: Re: Key Security Question
Message-ID: <199702010201.SAA29739@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Z.B. wrote:
> 
> My computer went into the shop a few days ago, and I was unable to take
> my PGP keys off it before it went in.  What are the security risks here?
> If the repairman chooses to snoop through the files, what would he be
> able to do with my key pair?  Will I need to revoke the key and make a
> new one, or will I be relatively safe since he doesn't have my
> passphrase?

  If the repairman has your pubring and secring files, you can now 
consider them in the same light as a 'busted flush'.
  Chances are, he has neither the capability nor the interest in 
popping open your deep, dark secrets. On the other hand, if he 
returns your computer with a 'shit-eating grin', you may be in for
a world-of-hurt.
  My advice would be for you to check your 'paranoia level' and,
if you are a quart low, then read Phil Zimmerman's PGP documentation
once again, and make your decision based on the reality of the
possibilities involved.

Toto