1997-02-01 - Re: Key Security Question

Header Data

From: Toto <toto@sk.sympatico.ca>
To: “Z.B.” <zachb@netcom.com>
Message Hash: 89407a3c0d970ee6acf6f73c1662e5dd013dc1d4aa5494b238a1c38006290715
Message ID: <32F2A1B3.FC4@sk.sympatico.ca>
Reply To: <Pine.3.89.9701311005.A14002-0100000@netcom>
UTC Datetime: 1997-02-01 00:20:08 UTC
Raw Date: Fri, 31 Jan 1997 16:20:08 -0800 (PST)

Raw message

From: Toto <toto@sk.sympatico.ca>
Date: Fri, 31 Jan 1997 16:20:08 -0800 (PST)
To: "Z.B." <zachb@netcom.com>
Subject: Re: Key Security Question
In-Reply-To: <Pine.3.89.9701311005.A14002-0100000@netcom>
Message-ID: <32F2A1B3.FC4@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Z.B. wrote:
> 
> My computer went into the shop a few days ago, and I was unable to take
> my PGP keys off it before it went in.  What are the security risks here?
> If the repairman chooses to snoop through the files, what would he be
> able to do with my key pair?  Will I need to revoke the key and make a
> new one, or will I be relatively safe since he doesn't have my
> passphrase?

  If the repairman has your pubring and secring files, you can now 
consider them in the same light as a 'busted flush'.
  Chances are, he has neither the capability nor the interest in 
popping open your deep, dark secrets. On the other hand, if he 
returns your computer with a 'shit-eating grin', you may be in for
a world-of-hurt.
  My advice would be for you to check your 'paranoia level' and,
if you are a quart low, then read Phil Zimmerman's PGP documentation
once again, and make your decision based on the reality of the
possibilities involved.

Toto







Thread